last executing test programs:

15.494183494s ago: executing program 2 (id=1252):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4008000}, 0x4)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, 0x0, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
add_key$fscrypt_v1(&(0x7f0000000140), &(0x7f0000000200), 0x0, 0x0, 0x0)
r6 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r6, 0xc0184800, &(0x7f0000000080)={0x10001, <r7=>r5})
mmap$dsp(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x11, r7, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x2, 0x3, 0x401}, 0x14}}, 0x0)
syz_mount_image$bcachefs(&(0x7f0000005b00), &(0x7f0000005b40)='./file0\x00', 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="646174615fa97261fc4d1ac03e1f8238a9ceb4186e"], 0x1, 0x5b16, &(0x7f0000011200)="$eJzs3Q+MXXWdKPBz7p1p73TaMgWBWv50gNJXeAJTig9oMA68CPi0iKBFBWkrnZbB/oFOa6GKLSSiQR6vyXtRnomEEE14IQTfknX9s6aYRczKGpu4bHF3XQxoVnaDNQjapcRuZu45M/eeOb977tx7p7Tw+YTOmXPmd7+/7/d3fnPnnHMP90YAAAC8LTz9hZE/XrXgfT+5e+i1nVd+b+NdUW95bHslbdCXLG9/szLkcJrZNX9smZ0XuwdnPP3e+z743Nc/+c0XXpy3ZOk3brn84G2zV9x77+DPLzz40z/fWRQ3nU9nTazHL8dRdMrPlnzlnh89c+LotjiKonLctyuK5sWlH86LMyEGXo+iaG2yclzmh0+8tmzd6HLXl2fWbT8m0858f3urJPPsiz/YfPJvz738uT2/uOy1gcrrW3ZNNIkrNfMpiuaurn18dxRFPcm/Uelsm58+OFleHUXRrJrHXVSQ1+lN5n9OYH1BspyRLHsL4qQ/Py2z3t1kHl2ZZaXJx7WqNM3xU+n+mz3N/Wef3LL9zEuW306WZ00xfjn9F0elOOoa725DPDFHopr9Fkfx2L6fWC/VzYU4MzfiKIoz66XMerk7U9dYv8lEK8dx/fa0XWZ7f7K9K9l+WsFcuzaw/Z1pvckv6oFM/dmgvZO+Ga9rTJrXrxrkcjiUap6D8ran+VaSndGbbOuNj530mEM50p+tfPH+x1/Y8eCivkAe8bfiJH7cUvxnN168b/GOX+6fH4q/upTEL7UUf+TcVx576ZofnxiMvzuNX24p/vMXLP7q93duPxAcn9+n49PVUvzy8rMPLr17YGUw/4fS+JWW4j982aNfm/vupx4L5j+Qjk9Pa+MzvO2N6x85fn8wfpTGn9VS/EtfPeHM5ZsfXR+M/2Q6Pr0txX9mZHjFPTcv3N4fir83jT+npfin//qG6/fsG3o+mP9gOj59LcV/z6JLr16xf9N9oefOeNfh+gsL8NZ0XHKM9aVkvdXzzHbVnC880BdXj/lmJ//mdLKjjNF+5k5jfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADenh7uWzv05++e+kZXsj4z+ebUcnWZbp8RRXFPFEUjW9ds2Tq8aX3/LZu3bdm0ZkP/mq39Q5u2brmj/4J39W8ZunXDmjtGfzpwzrLq446N4uoyPmVS34cOHTpU6qvflvb36Qv/9xP9p+77xygaOP7np3YF8//QnQv++7ycrxnx4KEN/+vMG1+a/bfbqhv6krz6AnlFgbwueeTl5b/9Xs//jKKBExrl9a9LrvhRXUJjGybiJEozo9LYNzPjWbl5jGed5JOOV9e64Q1DA8XjWw7U8ZsDf/HR7SM37aqObyVYR5Pj2zN46E+bvvPkTZfsuLq64Ujd70XjnVaR5peOXyUZ77lJXXMDdXUF6rrnzNP+5R/+78aXd0UDXX9YOLnvorq6kwnQHb+zqX7THmbF9WNSSdqnezx93HlbN9563sgdO84Z3rhm/dD6oU3Lli276IJl5194/n87b6z06teO1Z/2/1+arP/wzKfNFw4Op1+bm09FeRWNx2hexeNRm1Ho9+8dH7nin+76y93XVDcUzfO09fjzSbKcNbqbl0Y1823yWOXVVTQO3YFxWH9t7/97tX/zfxQ9D9XumdqvGfHgoT8M/917Z+8548bqhsPyPF+bUIvP8+NZJ/l01z7vLD1yx3dmVE7q6s3N64y7X/nY33837h/Pb8aM6PY1W7duWVr9epjqese1n+tsXRct/vfbdqy+a96kus6vfp2dZDo7Pik3r+zWtK6FY1/LUTIs6SKqlPLr646q+WX/LqSPy45qb/Kz3vjY3Lqy0p+tfPH+x1/Y8eCi0EjH36r22BPNqS7jkwMtN2QeWB5POK//ovkRRdHq2m3pOD75nf/Tv+cn8zYWzo/qzJj0NVve4KHPXzz7NyPX7V1R3XB4nldqEmrxeWU864l8xsZr7Hnl/COnjjdvP9f9YsWDh/ac/K71y/56a/JrXzS+463zxndZFBU9DyzMrE/X80C2n4n2+fH6M+u9Ubml543nL1j81e/v3H4g+Lzx+2afNz5Xt1Zu83kjDsynfZ///3/67L5n39+55433Ly5/4p8XLksG9Ej5fask87oSmNfjWSf5xLXz+tybNm9YW91+5B7/JsuC85/07/fIHTs+vWbDhqEtI83V1exxSdpPdpRbPS5Jf/uOLagr3V8TdU3fN82MV7O/b2n+a7Pj1eLvG+TpjeKW/p49u/HifYt3/HJ/XyBuvLqUxC+1FH/k3Fcee+maH58YjL87jd/VUvzy8rMPLr17YGUw/kNxEr/SUvyHL3v0a3Pf/dRjwfgDaf49rR1PDG974/pHjg+Pf5TG720p/jMjwyvuuXnh9mD8vXHSz+ixXRQ98dqyddX1OOpOnofTPLrr8oqy63FmvZRZL9eul6rX4Mc7KMdx/fa0XbL9tJpc8lwX2J4ePVbmV5cH0vUo+03j7UeaUs0xQd72ouNrAHgrSV//T4810tf/FyZ/EGte/68u4xl1j5+fHE/Nn9g0dp53V3/1D+lUr+uleWSv66Xxl5xRH6PV63pF1+VOz6yneS1MRiXNp8Fxw+yoietyk/tpfF0uU37xdbP+L2U2dI1d2wvtt+7kSkXe68yZfGePRmj3OHt+ftbjx9mheZe93pG+Th83Oe+y90Wk+zd7X0Qaf0HmAlqr90W0O+/SyxoN5t1YZcXXUyfPi6jBuE7Mi/xo2XlRbR/XZBps31edR9P7utTRf74/vdffXU8IxE/+jhzp5/vp9vT5oavJ6wArA9s7dR0g/e1P8/pVg1wOB9cBAGDi/D89phg9/x/9W92fOWwvOm/JnmWk8YL3sZTz8yk6/518P9uslo77Ln31hDOXb350ffC4+Mlm70u5tW5tVsF9KUXjuCizXjiOgVtBiq47LM60743mtDSOp//6huv37Bt6PjiOg9UDqeJx3F23NqfNcVySWS8cx+78rIrGMdtP0fw9K7Pem9wRNNVxf8+iS69esX/TfcFx39XsuD9Ut9ZXMO7O0wPxnacfEefp03098k27DpBct56u6wDXBrZP9TpA76Rvxusac9RdBwj8XQCAo1l6/j9+v3xy/v83mXbtnh8Gj9sGO3M/a/C4bfy4tr3j8mD+48fl7Z0XBeOPnxe1d94SHJ/x85b2zruC8cfPu9q7ThMcnyfT8WnvuD/0vwukx/1H/3nR9F5ncF6UrEfZb6qcFwEAcCRIz//Tw9X0/v+nkvXssfH0n+dO93nodJ9HT/d1hum+TnK0n+ce7dcZpvs6m+sArgMUcx0AAOCt4X3J8sYm23eN3UMcRZ+66ebzV60d+syqdVuGhkZuXXPT0KrhTcNbx9t1j515Tb5POtRf0X3See1nNWi/Khi/Pp/LA+1D2q0/1F9R/XntG9W/Ohi/Pp8rAu1D2q0/1F9R/XntG9W/Jhi/Pp8rA+1D2q0/1F9R/XntG9X/qWD8+nzeH2gf0m79of6K6s9r36j+m4Lx6/P5H4H2Ie3WH+qvqP689o3qz75fZqj+DwTah7Rbf6i/ovrz2jeqfygYvz6fDwbah7Rbf6i/ovrz2jeqf10wfn0+KwLtQ9qtP9RfUf157RvVvz4Yvz6fqwLtQ9qtP9RfUf157RvVf3Mwfn0+Hwq0D2m3/lB/RfXntW9U/3Awfn0+Vwfah7Rbf6i/ovrz2jeq/5Zg/Pp8PhxoH9Ju/aH+iurPa9+o/k8H49fnc02gfUi79Yf6K6o/r32j+jcE49fnc22gfUi79Yf6K6o/r32j+jcG49fn85FA+5B26w/1l60/W1Ze+0b1bwrGr8/no4H2Ie3WH+qvaP/ntW9U/+Zg/Pp8Vgbah7Rbf6i/ovrz2jeq/9Zg/Pp8rgu0D2m3/lB/RfXntW9U/23B+PX5fCzQPqTd+kP9FdWf175R/VuC8evz+XigfUi79Yf6K6o/r32j+keC8evz+USgfUi79Yf6K6o/r32j+rcG49fnc32gfUi79Yf6K6o/r32j+rcF49fnc0OgfUi79Yf6K6o/r32j+j8TjF+fzycD7UParT/UX1H9ee0b1b89GL8+nxsD7UParT/UX1H9ee0b1X97MH59PqsC7UPG69+6ZWho1bZb167ZOrRq0+a1QyOrtm8Z3rp1KDlQa/e+xOB9Zcl9id1RV8P6F2TWj0neH+iYwPsDZdunYU8a+2by+wNlu+0qeJ+cov2V7b/ofYby2ufNt9D+LXo+aHY+ZNX9flQnyfCmkaEtk5+/exqOR+2ciMZum+upLuMTmmqffbvOQDeFmq+n0rCe7OaZyY2AM+Pjm2ofBT4PbqqarycO1pOXx1Q/xy4NO6XPsct8mSTnPVrr6l03MvYkPbxmw/COocn5zzoC8n9zxrE0KY+i/R9n8piXZDIv9Hlvgby3f/vfHv7d7/7qA1E0cHz55LbGLx48tPrACZ/62SUzzxvNv9Qw//GW6ecqF3z+YbZ9Wk/Xhs0jW//rus3bNuW/gpbe71waX5+m+52TOstN3r8cut9jqvcvx5O+OTI1e/8yAADA20X6//+n56vzk/8HdV7mEkHz14Hb+/+jg9eB9zZ3HTh7NaLoOnC2fVp2s9eBe9u8DpztP3SdttSgfaPXXZq9DvyJQPupan6etPc+AMF5koxU0TzJ/n/4RfMk236q86SnzXmS7b9onuS1b/T6dLPz5LpA+5Dm50N77zsRnA8Dzc2H7OdqFs2HbPupzodKm/Mh23/RfMhr3+h+nWbnw0cC7ZvV/Pxo731hgvNjdXPzY/zzUnZVF0XzI/v5KlOdH3Gb8yPbf9H8yGvf6H7GZufHhwPtU83v//betye4/3c3t/+zn9tStP+z7ae6/0vt7f9JL6wU7f9svkX3cze7/68KtK9NdGL/j+74sf0+tGr75i2190Cn+3/XNH1uS0jz+U3v59a0qvn8p/d9n6Y//+l9X6npz7+986Zg/nvbe6Wr+fyn93OJWnXYXo9N3myq6P2nil6n/Xhg+1Rfp50x6Zsjk9dpAQAAYPqlr/+nH8efvj/8l5Nl4GP6W3b0f763z9/Ojd+hz98uuo7pel6Dzo4ArucBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0xsyu+WPLp78w8serFrzvJ3cPvbbzyu9tvGv34Iyn33vfB5/7+ie/+cKL85Ys/cYtlx+8bfaKe+8d/PmFB3/65zsLA/dVF2clq5Uoil+Oo+iUny35yj0/eubE0W1xFEXluG9XFM2LSz+cF2ciDLweRdHa8Tzrf/jEa8vWjS53fXlm3fZjMkGydUW95TSfujyj2wsr4ihUSebZF3+w+eTfnnv5c3t+cdlrA5XXt+yaaBJXauZTFM1dXfv47iiKepJ/o9LZNj99cLK8OoqiWTWPu6ggr9ObzP+cwPqCZDkjWfYWxEl/flpmvbvJPLoyy0qTj2tVaZrjp9L9N3ua+88+uWX7mZcsv50sz5pi/HL6L45KcdQ13t2GeGKORDX7LY7isX0/sV6qmwtxZm7EURRn1kuZ9XJ3pq6xfpOJVo7j+u1pu8z2/mR7V7L9tIK5dm1g+zvTepNf1AOZ+rNBeyd9M17XmDSvXzXI5XAo1TwH5W1P860kO6M32dYbHzvpMYdypD9b+eL9j7+w48FFfYE84m/FSfy4pfjPbrx43+Idv9w/PxR/dSmJX5pS/HLys5FzX3nspWt+fGIw/u40frml/J+/YPFXv79z+4Hg+Pw+HZ+uluKXl599cOndAyuD+T+Uxq+0FP/hyx792tx3P/VYMP+BdHx6Whuf4W1vXP/I8fuD8aM0/qyW4l/66glnLt/86Ppg/CfT8eltKf4zI8Mr7rl54fb+UPy9afw5LcU//dc3XL9n39DzwfwH0/Hpayn+exZdevWK/ZvuCz13xrsO119YgLem45JjrC8l662eZ7ar5nzhgb64esw3O/k3p5MdZYz2M3ca4wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8NY0dMUDO6/Yu+rKrjiK4kCbQznSn5VnDA72t9BvefnZB5fePbCydtv8FuIAAAAAxdLz8NL4lko0P9oe90Qn5bZPrxGclK7F9duz1xB6Jlp2JE6pQ3HKHYrT1aE43R2KM6NDcWZ2KE6lIE4lai5OT8M4pabzmdWhOL0dijO7Q3HmdCjO3A7FOaZDcfoaxml+Hs7rUJxjOxTnuA7FeUeH4hzfoTgndCjOiR2Kk72mPNV5OCdpuSAUZ+ybcmGcrrg8/oO86+lpP6dkHleaYj+9TfaTvWY/1X56muznjDb7qTTZz+I2+4mb7OesNvspFfSTztvbs/ml/aRrTc7/O1qMszATZ0eH8vlsh+J8rkNx7uxQnM93KM7ONuMANCs9/584b+yLZnZdEs1KnnGyVwHS893q34fJf+8q2RP0RBrv5Mz2GUXxsifqmXgLO5zf6Znt3XXxusaPmxrE66uNtyjzw8J6sxcUMvktmWq87IUFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJhGQ1c8sPOKvauujOJo9L9ch3KkPyvPGBzsb6HflS/e//gLOx5cVLttZlcLgQAAAIBC6Xl49/iWSjSz67xoRjyjrl0luQ5QSdbLfdXlf7JrfzFyVWUAwM/dmZ0ZtgW3BupACh1ZumJEWroof1LDRR9miUEJYDRgulvKsG663UV2m9IVWesD8UEDiSauPhmeMIQHNSgqyfKgMSgJmyg2EbQvEq0GmlCS1sRkzO7eO/8601nGxhb8/R7uvXPOd75vzmzT5DszUalv9T4QbTpjfDaJ3z63/8Hts4fmPzq5f89EZaIyPTIycuP1Iztv2Pnx7Q9MTlV2rF1Dvku+/iTf7KH5fXumpioPza69bn3fxWRdsT40vnI5nLzv93epEyXx9TqH5vdl0oc9Z/Wh+18LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADOrUp5caG8PDY6EIUQdYiptpHOZXJxXOqh7q1vb95288zTE41j+WwPiQAAAICu0j68vzZSCPlsJmTCpauvrqyHDoZQ7/sBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/P5Xy4kJ5eWx0QxRC1CGm2kY6l8nFcamHur+bnbz9sS9tPdg4VuwhDwAAANBd2of31UYKoRiGQn90aVNcejZwWcv61rg0z+XrjGs9O+gUN7TOuOF1xn24S9xnkvvDAQAAAN790v4/WxsZDPnshR37/259fRq3tSUuk9x7+a0AAAAA8N9J+/9cbaQY8tlirV9fb79/ZUtcur7b9/bp+m7f26dxV3eo0/p9PgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABw/qqUFxfKy2OjmSiEqENMtY10LpOL41IPdY9eP/zdXy4cPNU4ls/2kAgAAADoKu3D6613IeSzA6E/bFjt+28c/ueX58cPb+ofTKZzufDwnrm5h3auXdO4oa+/9YU//DwqnRZ33dr1nGwOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4qyrlxYXy8tjoBVEIUYeYahvpXCYXx6Ue6h6dPPDve5+65HjjWLGHPAAAAEB3aR9e7/0LoRhyIRc2r75q7PVX9LWs73RmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALx3zB6a37dnaqrykAcPHjzUHs71/0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD5olJeXCgvj40WohCiDjHVNtK5TC6OSz3UffKTT3//oo/96pnGsWIPeQAAAIDu0j683vsXQjH0h/5wyeqrdmcCq/3/4P/wTQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOeFSnlxobw8NnphFELUIabaRjqXycVxqYe6V/71i/cuHakcbRzLZ3tIBAAAAHSV9uG52kgh5LPXhXzYkryeal4QZZJ7+3OB+roHm5YNrHvdI03rMute942WnWWT3aytK6T5BtfutXWl09eVQgjFZF2xPjHetC480bTqwnW/zx80rRvssi4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAeahSXlwoL4+NRlEIUYeYahvpXCYXx6Ue6r6y/6Yjw/N/Pt44VuwhDwAAANBd2ofXe/9CKIbLw0Xh8tW+Pww2x6dxu5564+a//+KCb4WwY/Pvr8h2zP+3q8u/br2E0Ncc1BfC+5J6UYd6B3/6jyfffPNnnw5hxyWZLe+0XnPKuDp+avN9L+/Kbz/DBwMAAADvIWn/318bGQz57HTH/j/tvN9R/z9z8V2PbEquSUfesqJvMKnX16Hevhu+/ZPSFUf+tNL/n6neZ7962ac2hZkb4sn0ujbSIoqrU49v231s44sH0l2v1c+01E8/l9dP/fhzB2f3fm2tfiEUkvHLsu3qn35tcUFcPTn93At7d83f0Vw/22H/j2374F/++L39b6zUP7F1oFb/Q2fY/5nrX3x3+dXDzz5xZ3P9/g71J+7a8MO3SzP/at3/QEvi5JNf+4M3/BVaRHH1xORLt2xcGtrdXD+EMN4YmH7+Lzz3ndLSbzftT+unvxW5eqilfsM/tcZry5lTFFeXtlwzMfL83Ibm+lFL/XT/Rx790cmvHHnlttb939+6/471W/d/23Dmnte2jvTy4xkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHeBSnlxobw8NhoyIUQdYqptpHOZXByXeqj7iatuveP249PfbBzLZ3tIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJw1lfLiQnl5bLQvCiHqEFNtI53L5OK41EPd2WvfeubYnb/5QONYsYc8AAAAQHdpH17v/QuhGHIhFwZW+/7xU5vve3lXfnsYXJuNknt2amZ27iMPzByYvv8cvXMAAABgvdL+P1sbGQz57FWhP+n/l7ZcMzHy/NyGtP8PIYyvXAoPTE5VRkLtnOC24cw9r20dKdXOCRrjrt07M5UcE6R5H71p4+uzn1++vW3enfW4E5Mv3bJxaWh3Gtef3FfjrqvHTT2+bfexjS8eSOP60nOKlbgd9biT08+9sHfX/B3pfKYxX0PcxXeXXz387BN31vIk94GkLgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwH3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwX0chVhVxHIBn7t3Vq3fddotykyIVEw2SlYpKiFYh6aENKfDFAh+yMjKpJQwh3IQsTMKniqCIKAhECoIeirCgDJIoiNAewtAe6iE2og1xo2J3Z3bvHj3tdmoV5PvgMM6ce37zP3PGs/cCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD5NbetZ6w9/PTA73cuuu3z3VuGd93+/ran9vfNOXzrvjuOvXLvmydOdq9Y/cZD60ce7ejfu7fv6xtHvvjzyWmDnxhvVqZuI4T4cwzhyi9XvLDn0yMLR8diCKEeuwZD6I61j7tjIaH3dAjhvok6p558d/i6+0fbwefmThm/qBBSvK/QrOd6xnVNrZcLSyPts2c+3H7Fj6vWHzv07brh3sbpxwYnPxIbLfsphM7Nrde3hxDmpWNU3m09+eLUbgghzG+57qZp6lo6w/qvLekvSu2c1DanycnnlxT67TOso63QNmZ4XVW1Wc7P8vPrmOX5iy+34jzdqX0vtSv/ZX49HzHUYmibmO7hOLlHQstziyGOPfvJfm3KXoiFvRFDiIV+rdCvtxfua2zetNHqMU4dz58rjC9O421pfMk0e+3ukvHL8/2m/6inCvdfDG2e8Y+J+xqT6/r+H2o5F2ot76Czjed6G+lhNNNYM158xjV/nUU+t/Hk82+f2Pnqsq6SOuI7MeXHSvnfbLv56PKd3w31lOVvrqX8WqX8gVW/Hvzprs8Wlubvz/n1SvnHr1/+4ge7dpwqXZ9f8vq0Vcqvr7lmZPXu3o2l9b+W8xuV8l9fd+Dlzhs+OVhaf29en3nV1mfr439seuvSodL8kPPnV8pf+9tlV6/ZfuCB0vyP8vo0K+UfGdjav+fBq3YsLsv/KucvqJS/9Id7Nh06uuV4af19eX26KuXfsmzthv6hR/aVvTvj4Ln6CwtwYbokfcd6NvWr/s78r1p+L7zUFce/83WkY8H/OVHB6Dyds5gPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8zQ4ckAAAAAAI+v+6HYECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAUwEAAP//wa5XIQ==")

12.215574189s ago: executing program 2 (id=1258):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000002ac0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc8734c295cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f244a3c307145452ce64dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c65070020d7df0abc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3593], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000040)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000000000}, 0x0, 0x0)
ioctl$SNDCTL_SEQ_PANIC(r1, 0x5100)

10.990477209s ago: executing program 0 (id=1261):
r0 = socket(0x1e, 0x4, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap(&(0x7f000041f000/0x1000)=nil, 0x1000, 0x2, 0x10, r3, 0x0)
r5 = socket$packet(0x11, 0x2, 0x300)
getsockopt$packet_int(r5, 0x107, 0x0, 0x0, &(0x7f0000000080))
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
syz_genetlink_get_family_id$gtp(0x0, 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000001500)={0x0, 0x0, &(0x7f00000014c0)={0x0}}, 0x10)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000000)={0xa718}, 0x8)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000080)={@cgroup, 0xffffffffffffffff, 0x33, 0x200c, 0x0, @link_id}, 0x20)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cgroup.events\x00', 0x0, 0x0)

10.87372528s ago: executing program 2 (id=1264):
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001140)={0x0, 0x0, 0x0, 0x46f, 0x0, &(0x7f0000000140)="2b7393b7c6347cd49978d5023a81022d1e7baeea09c5d463b04397f7a66a0f0b769bc097d48d09754d7e15e59224486b3df2c3fc8b3379a1a30fee142bb1a32d4c3b32006571f5de9d846e7e8b8e64c79a66e2ba19f7eca5d0e0517dcd4eba1ab882af481e477e362ceb1fd11c9d50b5e3afd7f60aa6881b2681c53ee87badeeba28eba948324721a382f000917a4a6f6f76d04e0b19396feccdbae7795aaa45818dce2d1f7b4642b09dd40bf4bef9854b631eb821b13a7e475d5c9a9d4bbb3fd9b07650683a35d9557d1e7e6496dd6f6f5ca57a5c43b9863819829430e1607ebf0dbb2308a8181ef5ccdcf1eb157470d54635a1a5b7075c77dfdb97155af8fa282fcc5ca5bad36839e0cad1304c542be170a44da4089a32bc3f35a85a6e30b8d233809335a4274938505517a26728b643c2f04917afe55c68759adea3bb70f5b5c3c59fc24d6e3835c110420cfd6de096f8dec90f5f577744d2d0f3ec21819253cdb102d50678293328726f1c4f7163e28e79ab4767e3054dfa9a11b1fdafb8757b2a91f8283ad01712062048b52b5cfcaf648fe760a98ee82fbb1836c88434e0b36f9b56c4d3cd8b42566cba88ddb7418762cd8495a4ec8de7952789c2a6d37cdbbecde53ffea86db893181d9b5c7d4663d1bd78c9cb87af7cbfa54a1b2c98432ef5ba6f43c358ae873495f46850d56d83f3d7d376b3b6120ffe93c8ab6b6f214316d8c3376a5a65d173b6e4243326c729163050547d49338a737bc894f487bc9b51e75ac2031ea714ed6c917f13e3cc0ee85a75e9a98a42f9aad6f1e244c1daa06ee55b205e11aa3a2982387210bccd26c5108f2a548b06dd0a0520ca8f99532ab0a4fd8c33f0f01ad40b74ef4e9f0d01b7bbc8aa69296cca1f19d92c5be8ffa3264e3951dd318363e02d36fa69ecaa3978b6c471c9dde0052632d1ebe277982fb0c900dd3f461257ad46a69b8f1e9bc36d8992426aa4adddc024bb74a39539f1cf801502cbd0d7acb8b2c5d9778a8253d2c8746d5b252a32f67c94cb8916a6310c1af0c0eb6f09a07d5020948a9c0f147c01d4a8b3af25686eadef9eaed2623cb012521ab86453e71bf351c130b6d33ffc388afdb5b2b7c16c1002a0640dd73e7a7e6a852dd2c75209d711a50363e46116ad2a14483c3729a81e4ef2fed2f18732f0038e079e561eea96eb665219070f42139c627dd5f185d23fdc316d38eb99826bcb63938d6cd1af3b5274f57009f87854ad98bef03025c32e7aa4a721d28e94ec5feff3a279c2e1c18002e39eaaefec3dfd1eae45a61e4283e8a7ef1eaf70d93a0333a9ff9ef048332f3fcc797076f8c02858548418e34a9967282de2eb4cc6438f0b6c9dcc204cdd732dd88624b39c16e8f80819cb72be6ab07492ed05ade4caf1ae3d723830523e32c02786c50ac1f47b994ed49fc4b9b318a4c86b4f7fb0d3c6a8763ef27cd52936cc55ef5ac50935a7f706464be90ea4b5f894ad92910de17889a6236a4bda8aac5e1daa70a8fcf248360cdd4e86f854f23e3e4792d91c85f1ed6cf7c36bbe9d879fc86b55e55e0566b6451aad55b1b24156d5735d1ee7064b07bde3a7643cb7631057"})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$kcm(0x15, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
socket$inet6_sctp(0xa, 0x0, 0x84)
set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_procs(r1, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f0000000140), 0x12)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_int(r3, &(0x7f0000000080)='cpuset.mems\x00', 0x2, 0x0)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c}, 0x38)
write$cgroup_subtree(r4, &(0x7f00000000c0)=ANY=[], 0x5)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
syz_emit_vhci(&(0x7f00000000c0)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(0x0, 0x7)
socket$inet6(0xa, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000700)=ANY=[@ANYBLOB="042f"], 0x4)
syz_usb_connect$cdc_ncm(0x0, 0x7e, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x0, 0xb2ff}, {0x6}, [@country_functional={0xa, 0x24, 0x7, 0x0, 0x0, [0x0, 0x0]}, @country_functional={0x6}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{}, {{0x9, 0x5, 0x3, 0x2, 0x0, 0x4}}}}}}}]}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

9.710600986s ago: executing program 0 (id=1265):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x10)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=[@assoc={0x18}], 0x18}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
io_setup(0x20000000001005, &(0x7f0000000880)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000000580)=[&(0x7f00000000c0)={0x5000000, 0x0, 0xd, 0x0, 0x0, r1, &(0x7f0000000080)='=', 0x11}])

8.430210087s ago: executing program 0 (id=1266):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000040)={{0x3}})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x5, 0xf, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffec4, 0x0, 0x0, 0x0}, 0x90)
fsetxattr(r5, &(0x7f00000000c0)=@random={'os2.', '\x00'}, &(0x7f0000000100)='+:[^$,\\\x00', 0x8, 0x2)
openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x80c02, 0x0)

8.317105169s ago: executing program 3 (id=1268):
shmget$private(0x0, 0x9000, 0x0, &(0x7f0000ff7000/0x9000)=nil)
syz_mount_image$erofs(&(0x7f00000005c0), &(0x7f0000000580)='./file3\x00', 0x2000000, &(0x7f0000000200)=ANY=[], 0x1, 0x1ff, &(0x7f0000000600)="$eJzsmL9v00AUx793dtwaISSWDiwMVKII6tiOQF06FAmJCSG1/JogoqYqcRuUGolYYohYWGBjQGJh4B9gyJCJgY1/AAkGQEJiICOz0dmX5Bw7CUmcifcZLt+79+7H90V6g0EQxH/Lj+9/vr24vLFzAcBxrGJJrv/SAMYSzZX8r68fn3+1eeXN+y/vPh6eeNoZPk9siaL0wvKY+3UAH7Y0BP2bUruxKn93wPv6BjjOSX0LDJbU98BxU2oPDHekfqjousi3rAf7vmfdr/u7QthicMTgiqEy/L5ui2FXzqMoipgSP2qGtarvew1F6DKWE5pJ9C+rrWTqVxLv2+LYVN4nqnj7+bOWmPdqYyv1c8DhSBMVMGzL9Q0s9WqTlETxf0ofnK9l/Oe6FakiMMnkchE1yhUn12fbvlbgn9cMgdRKCYOQqOSCvKeEXqCdrLj2ry5emgAW6zQWwBzbV7qdT9nQzyIexrB479MLE2GNz1OxfAF8bif9I3rLcFbpT7rSP8rBwaPyUTNc3z+o7nl73qHrVi7ZDPZFtxw3omTM9L1Bfzbj/nRMOb80ItfgBp5Ug6DhJKPBDJgIgoYbz12l426367/vym0BrgI4k0xE2zRGvgZgRpLD41yh1rQx6QRBEARBEARBEARBEARBEFNwGiz+CjoB93qc/TcAAP//1AJp/Q==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$unix(r3, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)="03", 0x1}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x0)
recvmmsg$unix(r4, &(0x7f0000002600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
llistxattr(0x0, 0x0, 0x0)
shmat(0x0, &(0x7f0000ffc000/0x1000)=nil, 0x6000)

7.735651866s ago: executing program 2 (id=1269):
openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000080))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000000c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x5, 0x10000, 0x20001, 0x6}, 0x48)

7.235506602s ago: executing program 0 (id=1270):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={0x0, &(0x7f0000000180)=""/96, 0x110, 0x60}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0x20, &(0x7f0000000200)={&(0x7f0000000440)=""/80, 0x50, <r1=>0x0, &(0x7f0000000c00)=""/190, 0xbe}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, 0x0, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='cgroup.controllers\x00', 0x275a, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001280)=@base={0x2, 0x4, 0x2, 0xc, 0x1400}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100000000a0000000000000000000850000006d00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mount$tmpfs(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000480), 0x0, 0x0)
write$binfmt_script(r2, &(0x7f0000000380), 0x208e24b)
readv(r2, &(0x7f00000001c0)=[{&(0x7f00000006c0)=""/211, 0xd3}, {&(0x7f00000007c0)=""/177, 0xb1}], 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000240), 0x3af4701e)
sendfile(r2, r2, &(0x7f0000000000)=0x8, 0x4)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000bc0)='./bus\x00', 0x1008002, &(0x7f0000000280)={[{@grpquota}, {@delalloc}, {@noblock_validity}, {@debug}, {@test_dummy_encryption}, {@jqfmt_vfsold}, {@nomblk_io_submit}, {@noauto_da_alloc}]}, 0x1, 0x5d8, &(0x7f00000005c0)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")

6.632963945s ago: executing program 3 (id=1273):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x4, r0})
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
r3 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000600)={'team0\x00', <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x88, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x12, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x3}}}}]}, 0x88}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
add_key(0x0, 0x0, &(0x7f0000000340)="143fda06ec07c23fde3cb79ed88031e0525844da66056aa14d12625411d03e53ce8b21eb6a1f226e36e0cac952721ddf616e87e9ffe93ac1e52dd133000344f88e2bd1940b122e4b8bfe75b7064af951aebf4702ad6acc0594005cf451e566a70a32db2041f15744318ba584e6b34cb67ef7e7c0f5b45bb40534e3afdd3909e48f4e3e368043a32ed1c11081d1cbc2d4408637fcc3d9c30aa0f86b4d38219b35ad30cb1f4388f03e1d475300dde6374b94340632c98c8cb13273cece1688495104", 0xc1, 0x0)
r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_PREPARE_BUF(r6, 0xc058565d, &(0x7f00000003c0)=@fd={0x0, 0x2, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "f06e4b56"}, 0x0, 0x4, {}, 0x5c000000})

6.110439617s ago: executing program 1 (id=1275):
r0 = socket(0x1e, 0x4, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap(&(0x7f000041f000/0x1000)=nil, 0x1000, 0x2, 0x10, r3, 0xa3f24000)
r5 = socket$packet(0x11, 0x0, 0x300)
getsockopt$packet_int(r5, 0x107, 0x0, 0x0, &(0x7f0000000080))
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
syz_genetlink_get_family_id$gtp(0x0, 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000001500)={0x0, 0x0, &(0x7f00000014c0)={0x0}}, 0x10)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000000)={0xa718}, 0x8)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000080)={@cgroup, 0xffffffffffffffff, 0x33, 0x200c, 0x0, @link_id}, 0x20)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cgroup.events\x00', 0x0, 0x0)

6.081427222s ago: executing program 3 (id=1276):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'veth1_to_bond\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0)

6.080566093s ago: executing program 4 (id=1277):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
io_setup(0x20000000001005, &(0x7f0000000880)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000000580)=[&(0x7f00000000c0)={0x5000000, 0x0, 0xd, 0x0, 0x0, r1, &(0x7f0000000080)='=', 0x11}])

5.652908842s ago: executing program 4 (id=1278):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000800000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x6000)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f00000011c0)={{0x2, 0x0, @multicast1}, {0x0, @broadcast}, 0x68, {0x2, 0x0, @broadcast}, 'veth1_macvtap\x00'})
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$CAN_RAW_FD_FRAMES(0xffffffffffffffff, 0x65, 0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$can_raw(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0), 0x10, 0x0}, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f00000000c0)="91685102d300000013000010888e", 0xe, 0x0, &(0x7f0000000080)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @broadcast}, 0x14)
syz_open_procfs(0x0, &(0x7f00000000c0)='net/dev\x00')
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000280)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001500)={0x30, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98f}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}]}, 0x30}}, 0x0)
r6 = syz_open_dev$sndctrl(&(0x7f0000000640), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_READ(r6, 0xc008551a, &(0x7f0000000100)={0x2, 0x8, [0x0, 0x0]})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r9, &(0x7f0000000240), 0x208e24b)
setsockopt$MRT6_PIM(r9, 0x29, 0xcf, &(0x7f0000000540), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r9, 0x0)
r10 = dup(r8)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r11 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r11, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000200)="2e0400001d008104e00f80ecdb4cb9f207c804a00d000000880802fb0a000200250ada1b40d8080cc500c50083b8", 0xfec9}], 0x1, 0x0, 0x0, 0x5865}, 0x0)

5.262214522s ago: executing program 3 (id=1279):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xd, &(0x7f0000000040), 0x5b)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x1)
openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r2 = socket$inet(0x2, 0x0, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000004c0)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x0, 0x27, 0x0, "98d3340600c7aa11897ecaab876eab79576839c5656be8410f2802e944af80373be2666b665770173fbd1883303b6ac4749393ad08f139a68f00"}, 0xd8)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x1, 0xfffb, 0x5, 0x1}, 0x48)
clock_gettime(0x0, 0x0)
recvmmsg(r2, &(0x7f0000000280)=[{{&(0x7f00000001c0)=@phonet, 0x80, &(0x7f0000000100)=[{&(0x7f00000005c0)=""/217, 0xd9}], 0x1, &(0x7f0000000840)=""/203, 0xcb}, 0x5}], 0x1, 0x10042, &(0x7f0000000400))
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000480)={0x12, 0x1, 0x0, "8eb8a828e93b07f1dd06da7a41bfeac48048beb159fbba176fb1de26098c68d9"})

4.866683408s ago: executing program 1 (id=1280):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000040)={{0x3}})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x5, 0xf, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffec4, 0x0, 0x0, 0x0}, 0x90)
fsetxattr(r5, &(0x7f00000000c0)=@random={'os2.', '\x00'}, &(0x7f0000000100)='+:[^$,\\\x00', 0x8, 0x2)
openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x80c02, 0x0)

4.210269179s ago: executing program 4 (id=1281):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
ioctl$BINDER_WRITE_READ(r1, 0xc0046209, 0x0)

4.040949901s ago: executing program 3 (id=1282):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000000140)=""/92})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0x22, &(0x7f0000003740)=ANY=[@ANYBLOB="1800000000008e36d5d2057c35533fcd3f1a98ee9283080070609d87c0a18e0f000000000000000000001850000000000000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000005000000000000001840000000000000000000000000000000000c000000000000000000000000000500000000000000b7080000000000007b8af8ff00000000b7080000feffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a50000009500000000000000"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000000)=0x4b)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8946, &(0x7f0000000900)={'wlan1\x00', @random='\x00\x00\x00 \x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000036c0)=ANY=[@ANYRES8=r3, @ANYRESOCT=r1, @ANYRESOCT=r1, @ANYRESOCT=r3, @ANYRESDEC=r2], 0x1c}, 0x1, 0x0, 0x0, 0x4004000}, 0x20000005)
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0))
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000024c0)=""/146, &(0x7f0000002580)=""/4096, &(0x7f0000003580)=""/208, 0x5000})
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r4, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
stat(&(0x7f00000039c0)='./file0\x00', &(0x7f0000003a00))
read$FUSE(0xffffffffffffffff, &(0x7f0000003c40)={0x2020}, 0x2020)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x2, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1830000000000000000000000000f000040000001f000000c3000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x4, 0x2, &(0x7f0000000100)=""/117, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x17, 0x10, 0x0, 0x0, 0x61e5cc96}, 0x22)

3.830136866s ago: executing program 1 (id=1283):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000480)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @private1}, r1}}, 0x48)

3.70177066s ago: executing program 0 (id=1284):
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
socket$kcm(0x2, 0x200000000000001, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xff, 0xfffffffffffffffc}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000000c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
socket$kcm(0x10, 0x3, 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic\x00'}, 0x58)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0xfffc, @dev}], 0x10)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x0, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r4, &(0x7f000000cf00)=[{{&(0x7f00000084c0)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000008900)=[{&(0x7f0000008500)="88", 0x1}], 0x1}}], 0x1, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000500)='fdinfo\x00')
getdents(r5, &(0x7f0000000200)=""/55, 0x37)
accept$alg(r3, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000025c0)="866b3d570029a5", 0x7)

3.588966116s ago: executing program 1 (id=1285):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCSREP(r0, 0x80044584, 0xffffffffffffffff)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
syz_emit_vhci(&(0x7f00000000c0)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_ecred_conn_rsp={{0x18, 0x4, 0xa}, {0x6e, 0xd9, 0x4, 0x0, [0xffff]}}}}, 0x17)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB], 0x7)
syz_emit_vhci(&(0x7f0000000180)=ANY=[], 0x3c)
syz_emit_vhci(&(0x7f0000000100)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x0, 0x10}, @l2cap_cid_signaling={{0xc}, [@l2cap_conn_rsp={{0x3, 0x2d, 0x8}, {0x9, 0xff81, 0x1, 0x6}}]}}, 0x15)
syz_open_dev$usbmon(&(0x7f0000000280), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x4)
arch_prctl$ARCH_SHSTK_ENABLE(0x1011, 0x0)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r2, 0x500e, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = fcntl$dupfd(r4, 0x0, r4)
setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f0000000280)={0x0, 0x11}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)

3.089785924s ago: executing program 4 (id=1286):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x4, r0})
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
r3 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000600)={'team0\x00', <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x88, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x12, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x3}}}}]}, 0x88}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
add_key(0x0, 0x0, &(0x7f0000000340)="143fda06ec07c23fde3cb79ed88031e0525844da66056aa14d12625411d03e53ce8b21eb6a1f226e36e0cac952721ddf616e87e9ffe93ac1e52dd133000344f88e2bd1940b122e4b8bfe75b7064af951aebf4702ad6acc0594005cf451e566a70a32db2041f15744318ba584e6b34cb67ef7e7c0f5b45bb40534e3afdd3909e48f4e3e368043a32ed1c11081d1cbc2d4408637fcc3d9c30aa0f86b4d38219b35ad30cb1f4388f03e1d475300dde6374b94340632c98c8cb13273cece1688495104", 0xc1, 0x0)
r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_PREPARE_BUF(r6, 0xc058565d, &(0x7f00000003c0)=@fd={0x0, 0x2, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "f06e4b56"}, 0x0, 0x4, {}, 0x5c000000})

2.746624975s ago: executing program 1 (id=1287):
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x154, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x124, 0x2, [@TCA_CHOKE_MAX_P={0x8}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x0, 0x1f}}, @TCA_CHOKE_STAB={0x104, 0x2, "d5d35d1038f2188be746b4abb5743132436af5c87bd20691a7c7a63162f37594fcf31748c6f76cd07b497e001cd9e64fec767310ec099ac47db779b8579f203c1d8ca74608270774e69e40051161c1a93d415fd219a176bc40b8b4f46e7ba39ac2d486fa4b558da4e2d9291e53e1992473378efbb8007da8035219a8ee80facfb06518a59573951a82f143066efc716caa90fa74ebb5ac811cd85f306097632ba64e7017ef2f2968a17bba4787dbc25f9fc655ac9d4b72a56c7cf75b6b7729e77495efbf8b8935afc8d4a96e147d016f58f5efcfb135e3c81d92553e8655e2fc8e3bf0a6bd42695684b1465811d3d8d4c2a9e76acd66842cb9a9983048dd72bb"}]}}]}, 0x154}}, 0x0)

2.726766347s ago: executing program 2 (id=1288):
r0 = socket(0x1e, 0x1, 0x0)
connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[], 0x2000011a)
r1 = syz_open_dev$sg(0x0, 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0)
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, 0x0, 0x0)

2.516832134s ago: executing program 1 (id=1289):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4008000}, 0x4)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, 0x0, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
add_key$fscrypt_v1(&(0x7f0000000140), &(0x7f0000000200), 0x0, 0x0, 0x0)
r6 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r6, 0xc0184800, &(0x7f0000000080)={0x10001, <r7=>r5})
mmap$dsp(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x11, r7, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x2, 0x3, 0x401}, 0x14}}, 0x0)
syz_mount_image$bcachefs(&(0x7f0000005b00), &(0x7f0000005b40)='./file0\x00', 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="646174615fa97261fc4d1ac03e1f8238a9ceb4186e"], 0x1, 0x5b16, &(0x7f0000011200)="$eJzs3Q+MXXWdKPBz7p1p73TaMgWBWv50gNJXeAJTig9oMA68CPi0iKBFBWkrnZbB/oFOa6GKLSSiQR6vyXtRnomEEE14IQTfknX9s6aYRczKGpu4bHF3XQxoVnaDNQjapcRuZu45M/eeOb977tx7p7Tw+YTOmXPmd7+/7/d3fnPnnHMP90YAAAC8LTz9hZE/XrXgfT+5e+i1nVd+b+NdUW95bHslbdCXLG9/szLkcJrZNX9smZ0XuwdnPP3e+z743Nc/+c0XXpy3ZOk3brn84G2zV9x77+DPLzz40z/fWRQ3nU9nTazHL8dRdMrPlnzlnh89c+LotjiKonLctyuK5sWlH86LMyEGXo+iaG2yclzmh0+8tmzd6HLXl2fWbT8m0858f3urJPPsiz/YfPJvz738uT2/uOy1gcrrW3ZNNIkrNfMpiuaurn18dxRFPcm/Uelsm58+OFleHUXRrJrHXVSQ1+lN5n9OYH1BspyRLHsL4qQ/Py2z3t1kHl2ZZaXJx7WqNM3xU+n+mz3N/Wef3LL9zEuW306WZ00xfjn9F0elOOoa725DPDFHopr9Fkfx2L6fWC/VzYU4MzfiKIoz66XMerk7U9dYv8lEK8dx/fa0XWZ7f7K9K9l+WsFcuzaw/Z1pvckv6oFM/dmgvZO+Ga9rTJrXrxrkcjiUap6D8ran+VaSndGbbOuNj530mEM50p+tfPH+x1/Y8eCivkAe8bfiJH7cUvxnN168b/GOX+6fH4q/upTEL7UUf+TcVx576ZofnxiMvzuNX24p/vMXLP7q93duPxAcn9+n49PVUvzy8rMPLr17YGUw/4fS+JWW4j982aNfm/vupx4L5j+Qjk9Pa+MzvO2N6x85fn8wfpTGn9VS/EtfPeHM5ZsfXR+M/2Q6Pr0txX9mZHjFPTcv3N4fir83jT+npfin//qG6/fsG3o+mP9gOj59LcV/z6JLr16xf9N9oefOeNfh+gsL8NZ0XHKM9aVkvdXzzHbVnC880BdXj/lmJ//mdLKjjNF+5k5jfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADenh7uWzv05++e+kZXsj4z+ebUcnWZbp8RRXFPFEUjW9ds2Tq8aX3/LZu3bdm0ZkP/mq39Q5u2brmj/4J39W8ZunXDmjtGfzpwzrLq446N4uoyPmVS34cOHTpU6qvflvb36Qv/9xP9p+77xygaOP7np3YF8//QnQv++7ycrxnx4KEN/+vMG1+a/bfbqhv6krz6AnlFgbwueeTl5b/9Xs//jKKBExrl9a9LrvhRXUJjGybiJEozo9LYNzPjWbl5jGed5JOOV9e64Q1DA8XjWw7U8ZsDf/HR7SM37aqObyVYR5Pj2zN46E+bvvPkTZfsuLq64Ujd70XjnVaR5peOXyUZ77lJXXMDdXUF6rrnzNP+5R/+78aXd0UDXX9YOLnvorq6kwnQHb+zqX7THmbF9WNSSdqnezx93HlbN9563sgdO84Z3rhm/dD6oU3Lli276IJl5194/n87b6z06teO1Z/2/1+arP/wzKfNFw4Op1+bm09FeRWNx2hexeNRm1Ho9+8dH7nin+76y93XVDcUzfO09fjzSbKcNbqbl0Y1823yWOXVVTQO3YFxWH9t7/97tX/zfxQ9D9XumdqvGfHgoT8M/917Z+8548bqhsPyPF+bUIvP8+NZJ/l01z7vLD1yx3dmVE7q6s3N64y7X/nY33837h/Pb8aM6PY1W7duWVr9epjqese1n+tsXRct/vfbdqy+a96kus6vfp2dZDo7Pik3r+zWtK6FY1/LUTIs6SKqlPLr646q+WX/LqSPy45qb/Kz3vjY3Lqy0p+tfPH+x1/Y8eCi0EjH36r22BPNqS7jkwMtN2QeWB5POK//ovkRRdHq2m3pOD75nf/Tv+cn8zYWzo/qzJj0NVve4KHPXzz7NyPX7V1R3XB4nldqEmrxeWU864l8xsZr7Hnl/COnjjdvP9f9YsWDh/ac/K71y/56a/JrXzS+463zxndZFBU9DyzMrE/X80C2n4n2+fH6M+u9Ubml543nL1j81e/v3H4g+Lzx+2afNz5Xt1Zu83kjDsynfZ///3/67L5n39+55433Ly5/4p8XLksG9Ej5fask87oSmNfjWSf5xLXz+tybNm9YW91+5B7/JsuC85/07/fIHTs+vWbDhqEtI83V1exxSdpPdpRbPS5Jf/uOLagr3V8TdU3fN82MV7O/b2n+a7Pj1eLvG+TpjeKW/p49u/HifYt3/HJ/XyBuvLqUxC+1FH/k3Fcee+maH58YjL87jd/VUvzy8rMPLr17YGUw/kNxEr/SUvyHL3v0a3Pf/dRjwfgDaf49rR1PDG974/pHjg+Pf5TG720p/jMjwyvuuXnh9mD8vXHSz+ixXRQ98dqyddX1OOpOnofTPLrr8oqy63FmvZRZL9eul6rX4Mc7KMdx/fa0XbL9tJpc8lwX2J4ePVbmV5cH0vUo+03j7UeaUs0xQd72ouNrAHgrSV//T4810tf/FyZ/EGte/68u4xl1j5+fHE/Nn9g0dp53V3/1D+lUr+uleWSv66Xxl5xRH6PV63pF1+VOz6yneS1MRiXNp8Fxw+yoietyk/tpfF0uU37xdbP+L2U2dI1d2wvtt+7kSkXe68yZfGePRmj3OHt+ftbjx9mheZe93pG+Th83Oe+y90Wk+zd7X0Qaf0HmAlqr90W0O+/SyxoN5t1YZcXXUyfPi6jBuE7Mi/xo2XlRbR/XZBps31edR9P7utTRf74/vdffXU8IxE/+jhzp5/vp9vT5oavJ6wArA9s7dR0g/e1P8/pVg1wOB9cBAGDi/D89phg9/x/9W92fOWwvOm/JnmWk8YL3sZTz8yk6/518P9uslo77Ln31hDOXb350ffC4+Mlm70u5tW5tVsF9KUXjuCizXjiOgVtBiq47LM60743mtDSOp//6huv37Bt6PjiOg9UDqeJx3F23NqfNcVySWS8cx+78rIrGMdtP0fw9K7Pem9wRNNVxf8+iS69esX/TfcFx39XsuD9Ut9ZXMO7O0wPxnacfEefp03098k27DpBct56u6wDXBrZP9TpA76Rvxusac9RdBwj8XQCAo1l6/j9+v3xy/v83mXbtnh8Gj9sGO3M/a/C4bfy4tr3j8mD+48fl7Z0XBeOPnxe1d94SHJ/x85b2zruC8cfPu9q7ThMcnyfT8WnvuD/0vwukx/1H/3nR9F5ncF6UrEfZb6qcFwEAcCRIz//Tw9X0/v+nkvXssfH0n+dO93nodJ9HT/d1hum+TnK0n+ce7dcZpvs6m+sArgMUcx0AAOCt4X3J8sYm23eN3UMcRZ+66ebzV60d+syqdVuGhkZuXXPT0KrhTcNbx9t1j515Tb5POtRf0X3See1nNWi/Khi/Pp/LA+1D2q0/1F9R/XntG9W/Ohi/Pp8rAu1D2q0/1F9R/XntG9W/Jhi/Pp8rA+1D2q0/1F9R/XntG9X/qWD8+nzeH2gf0m79of6K6s9r36j+m4Lx6/P5H4H2Ie3WH+qvqP689o3qz75fZqj+DwTah7Rbf6i/ovrz2jeqfygYvz6fDwbah7Rbf6i/ovrz2jeqf10wfn0+KwLtQ9qtP9RfUf157RvVvz4Yvz6fqwLtQ9qtP9RfUf157RvVf3Mwfn0+Hwq0D2m3/lB/RfXntW9U/3Awfn0+Vwfah7Rbf6i/ovrz2jeq/5Zg/Pp8PhxoH9Ju/aH+iurPa9+o/k8H49fnc02gfUi79Yf6K6o/r32j+jcE49fnc22gfUi79Yf6K6o/r32j+jcG49fn85FA+5B26w/1l60/W1Ze+0b1bwrGr8/no4H2Ie3WH+qvaP/ntW9U/+Zg/Pp8Vgbah7Rbf6i/ovrz2jeq/9Zg/Pp8rgu0D2m3/lB/RfXntW9U/23B+PX5fCzQPqTd+kP9FdWf175R/VuC8evz+XigfUi79Yf6K6o/r32j+keC8evz+USgfUi79Yf6K6o/r32j+rcG49fnc32gfUi79Yf6K6o/r32j+rcF49fnc0OgfUi79Yf6K6o/r32j+j8TjF+fzycD7UParT/UX1H9ee0b1b89GL8+nxsD7UParT/UX1H9ee0b1X97MH59PqsC7UPG69+6ZWho1bZb167ZOrRq0+a1QyOrtm8Z3rp1KDlQa/e+xOB9Zcl9id1RV8P6F2TWj0neH+iYwPsDZdunYU8a+2by+wNlu+0qeJ+cov2V7b/ofYby2ufNt9D+LXo+aHY+ZNX9flQnyfCmkaEtk5+/exqOR+2ciMZum+upLuMTmmqffbvOQDeFmq+n0rCe7OaZyY2AM+Pjm2ofBT4PbqqarycO1pOXx1Q/xy4NO6XPsct8mSTnPVrr6l03MvYkPbxmw/COocn5zzoC8n9zxrE0KY+i/R9n8piXZDIv9Hlvgby3f/vfHv7d7/7qA1E0cHz55LbGLx48tPrACZ/62SUzzxvNv9Qw//GW6ecqF3z+YbZ9Wk/Xhs0jW//rus3bNuW/gpbe71waX5+m+52TOstN3r8cut9jqvcvx5O+OTI1e/8yAADA20X6//+n56vzk/8HdV7mEkHz14Hb+/+jg9eB9zZ3HTh7NaLoOnC2fVp2s9eBe9u8DpztP3SdttSgfaPXXZq9DvyJQPupan6etPc+AMF5koxU0TzJ/n/4RfMk236q86SnzXmS7b9onuS1b/T6dLPz5LpA+5Dm50N77zsRnA8Dzc2H7OdqFs2HbPupzodKm/Mh23/RfMhr3+h+nWbnw0cC7ZvV/Pxo731hgvNjdXPzY/zzUnZVF0XzI/v5KlOdH3Gb8yPbf9H8yGvf6H7GZufHhwPtU83v//betye4/3c3t/+zn9tStP+z7ae6/0vt7f9JL6wU7f9svkX3cze7/68KtK9NdGL/j+74sf0+tGr75i2190Cn+3/XNH1uS0jz+U3v59a0qvn8p/d9n6Y//+l9X6npz7+986Zg/nvbe6Wr+fyn93OJWnXYXo9N3myq6P2nil6n/Xhg+1Rfp50x6Zsjk9dpAQAAYPqlr/+nH8efvj/8l5Nl4GP6W3b0f763z9/Ojd+hz98uuo7pel6Dzo4ArucBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0xsyu+WPLp78w8serFrzvJ3cPvbbzyu9tvGv34Iyn33vfB5/7+ie/+cKL85Ys/cYtlx+8bfaKe+8d/PmFB3/65zsLA/dVF2clq5Uoil+Oo+iUny35yj0/eubE0W1xFEXluG9XFM2LSz+cF2ciDLweRdHa8Tzrf/jEa8vWjS53fXlm3fZjMkGydUW95TSfujyj2wsr4ihUSebZF3+w+eTfnnv5c3t+cdlrA5XXt+yaaBJXauZTFM1dXfv47iiKepJ/o9LZNj99cLK8OoqiWTWPu6ggr9ObzP+cwPqCZDkjWfYWxEl/flpmvbvJPLoyy0qTj2tVaZrjp9L9N3ua+88+uWX7mZcsv50sz5pi/HL6L45KcdQ13t2GeGKORDX7LY7isX0/sV6qmwtxZm7EURRn1kuZ9XJ3pq6xfpOJVo7j+u1pu8z2/mR7V7L9tIK5dm1g+zvTepNf1AOZ+rNBeyd9M17XmDSvXzXI5XAo1TwH5W1P860kO6M32dYbHzvpMYdypD9b+eL9j7+w48FFfYE84m/FSfy4pfjPbrx43+Idv9w/PxR/dSmJX5pS/HLys5FzX3nspWt+fGIw/u40frml/J+/YPFXv79z+4Hg+Pw+HZ+uluKXl599cOndAyuD+T+Uxq+0FP/hyx792tx3P/VYMP+BdHx6Whuf4W1vXP/I8fuD8aM0/qyW4l/66glnLt/86Ppg/CfT8eltKf4zI8Mr7rl54fb+UPy9afw5LcU//dc3XL9n39DzwfwH0/Hpayn+exZdevWK/ZvuCz13xrsO119YgLem45JjrC8l662eZ7ar5nzhgb64esw3O/k3p5MdZYz2M3ca4wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8NY0dMUDO6/Yu+rKrjiK4kCbQznSn5VnDA72t9BvefnZB5fePbCydtv8FuIAAAAAxdLz8NL4lko0P9oe90Qn5bZPrxGclK7F9duz1xB6Jlp2JE6pQ3HKHYrT1aE43R2KM6NDcWZ2KE6lIE4lai5OT8M4pabzmdWhOL0dijO7Q3HmdCjO3A7FOaZDcfoaxml+Hs7rUJxjOxTnuA7FeUeH4hzfoTgndCjOiR2Kk72mPNV5OCdpuSAUZ+ybcmGcrrg8/oO86+lpP6dkHleaYj+9TfaTvWY/1X56muznjDb7qTTZz+I2+4mb7OesNvspFfSTztvbs/ml/aRrTc7/O1qMszATZ0eH8vlsh+J8rkNx7uxQnM93KM7ONuMANCs9/584b+yLZnZdEs1KnnGyVwHS893q34fJf+8q2RP0RBrv5Mz2GUXxsifqmXgLO5zf6Znt3XXxusaPmxrE66uNtyjzw8J6sxcUMvktmWq87IUFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJhGQ1c8sPOKvauujOJo9L9ch3KkPyvPGBzsb6HflS/e//gLOx5cVLttZlcLgQAAAIBC6Xl49/iWSjSz67xoRjyjrl0luQ5QSdbLfdXlf7JrfzFyVWUAwM/dmZ0ZtgW3BupACh1ZumJEWroof1LDRR9miUEJYDRgulvKsG663UV2m9IVWesD8UEDiSauPhmeMIQHNSgqyfKgMSgJmyg2EbQvEq0GmlCS1sRkzO7eO/8601nGxhb8/R7uvXPOd75vzmzT5DszUalv9T4QbTpjfDaJ3z63/8Hts4fmPzq5f89EZaIyPTIycuP1Iztv2Pnx7Q9MTlV2rF1Dvku+/iTf7KH5fXumpioPza69bn3fxWRdsT40vnI5nLzv93epEyXx9TqH5vdl0oc9Z/Wh+18LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADOrUp5caG8PDY6EIUQdYiptpHOZXJxXOqh7q1vb95288zTE41j+WwPiQAAAICu0j68vzZSCPlsJmTCpauvrqyHDoZQ7/sBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/P5Xy4kJ5eWx0QxRC1CGm2kY6l8nFcamHur+bnbz9sS9tPdg4VuwhDwAAANBd2of31UYKoRiGQn90aVNcejZwWcv61rg0z+XrjGs9O+gUN7TOuOF1xn24S9xnkvvDAQAAAN790v4/WxsZDPnshR37/259fRq3tSUuk9x7+a0AAAAA8N9J+/9cbaQY8tlirV9fb79/ZUtcur7b9/bp+m7f26dxV3eo0/p9PgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABw/qqUFxfKy2OjmSiEqENMtY10LpOL41IPdY9eP/zdXy4cPNU4ls/2kAgAAADoKu3D6613IeSzA6E/bFjt+28c/ueX58cPb+ofTKZzufDwnrm5h3auXdO4oa+/9YU//DwqnRZ33dr1nGwOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4qyrlxYXy8tjoBVEIUYeYahvpXCYXx6Ue6h6dPPDve5+65HjjWLGHPAAAAEB3aR9e7/0LoRhyIRc2r75q7PVX9LWs73RmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALx3zB6a37dnaqrykAcPHjzUHs71/0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD5olJeXCgvj40WohCiDjHVNtK5TC6OSz3UffKTT3//oo/96pnGsWIPeQAAAIDu0j683vsXQjH0h/5wyeqrdmcCq/3/4P/wTQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOeFSnlxobw8NnphFELUIabaRjqXycVxqYe6V/71i/cuHakcbRzLZ3tIBAAAAHSV9uG52kgh5LPXhXzYkryeal4QZZJ7+3OB+roHm5YNrHvdI03rMute942WnWWT3aytK6T5BtfutXWl09eVQgjFZF2xPjHetC480bTqwnW/zx80rRvssi4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAeahSXlwoL4+NRlEIUYeYahvpXCYXx6Ue6r6y/6Yjw/N/Pt44VuwhDwAAANBd2ofXe/9CKIbLw0Xh8tW+Pww2x6dxu5564+a//+KCb4WwY/Pvr8h2zP+3q8u/br2E0Ncc1BfC+5J6UYd6B3/6jyfffPNnnw5hxyWZLe+0XnPKuDp+avN9L+/Kbz/DBwMAAADvIWn/318bGQz57HTH/j/tvN9R/z9z8V2PbEquSUfesqJvMKnX16Hevhu+/ZPSFUf+tNL/n6neZ7962ac2hZkb4sn0ujbSIoqrU49v231s44sH0l2v1c+01E8/l9dP/fhzB2f3fm2tfiEUkvHLsu3qn35tcUFcPTn93At7d83f0Vw/22H/j2374F/++L39b6zUP7F1oFb/Q2fY/5nrX3x3+dXDzz5xZ3P9/g71J+7a8MO3SzP/at3/QEvi5JNf+4M3/BVaRHH1xORLt2xcGtrdXD+EMN4YmH7+Lzz3ndLSbzftT+unvxW5eqilfsM/tcZry5lTFFeXtlwzMfL83Ibm+lFL/XT/Rx790cmvHHnlttb939+6/471W/d/23Dmnte2jvTy4xkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHeBSnlxobw8NhoyIUQdYqptpHOZXByXeqj7iatuveP249PfbBzLZ3tIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJw1lfLiQnl5bLQvCiHqEFNtI53L5OK41EPd2WvfeubYnb/5QONYsYc8AAAAQHdpH17v/QuhGHIhFwZW+/7xU5vve3lXfnsYXJuNknt2amZ27iMPzByYvv8cvXMAAABgvdL+P1sbGQz57FWhP+n/l7ZcMzHy/NyGtP8PIYyvXAoPTE5VRkLtnOC24cw9r20dKdXOCRrjrt07M5UcE6R5H71p4+uzn1++vW3enfW4E5Mv3bJxaWh3Gtef3FfjrqvHTT2+bfexjS8eSOP60nOKlbgd9biT08+9sHfX/B3pfKYxX0PcxXeXXz387BN31vIk94GkLgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwH3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwX0chVhVxHIBn7t3Vq3fddotykyIVEw2SlYpKiFYh6aENKfDFAh+yMjKpJQwh3IQsTMKniqCIKAhECoIeirCgDJIoiNAewtAe6iE2og1xo2J3Z3bvHj3tdmoV5PvgMM6ce37zP3PGs/cCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD5NbetZ6w9/PTA73cuuu3z3VuGd93+/ran9vfNOXzrvjuOvXLvmydOdq9Y/cZD60ce7ejfu7fv6xtHvvjzyWmDnxhvVqZuI4T4cwzhyi9XvLDn0yMLR8diCKEeuwZD6I61j7tjIaH3dAjhvok6p558d/i6+0fbwefmThm/qBBSvK/QrOd6xnVNrZcLSyPts2c+3H7Fj6vWHzv07brh3sbpxwYnPxIbLfsphM7Nrde3hxDmpWNU3m09+eLUbgghzG+57qZp6lo6w/qvLekvSu2c1DanycnnlxT67TOso63QNmZ4XVW1Wc7P8vPrmOX5iy+34jzdqX0vtSv/ZX49HzHUYmibmO7hOLlHQstziyGOPfvJfm3KXoiFvRFDiIV+rdCvtxfua2zetNHqMU4dz58rjC9O421pfMk0e+3ukvHL8/2m/6inCvdfDG2e8Y+J+xqT6/r+H2o5F2ot76Czjed6G+lhNNNYM158xjV/nUU+t/Hk82+f2Pnqsq6SOuI7MeXHSvnfbLv56PKd3w31lOVvrqX8WqX8gVW/Hvzprs8Wlubvz/n1SvnHr1/+4ge7dpwqXZ9f8vq0Vcqvr7lmZPXu3o2l9b+W8xuV8l9fd+Dlzhs+OVhaf29en3nV1mfr439seuvSodL8kPPnV8pf+9tlV6/ZfuCB0vyP8vo0K+UfGdjav+fBq3YsLsv/KucvqJS/9Id7Nh06uuV4af19eX26KuXfsmzthv6hR/aVvTvj4Ln6CwtwYbokfcd6NvWr/s78r1p+L7zUFce/83WkY8H/OVHB6Dyds5gPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8zQ4ckAAAAAAI+v+6HYECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAUwEAAP//wa5XIQ==")

2.516394042s ago: executing program 4 (id=1290):
r0 = socket(0x1e, 0x4, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap(&(0x7f000041f000/0x1000)=nil, 0x1000, 0x2, 0x10, r3, 0xa3f24000)
r5 = socket$packet(0x11, 0x0, 0x300)
getsockopt$packet_int(r5, 0x107, 0x0, 0x0, &(0x7f0000000080))
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
syz_genetlink_get_family_id$gtp(0x0, 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000001500)={0x0, 0x0, &(0x7f00000014c0)={0x0}}, 0x10)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000000)={0xa718}, 0x8)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000080)={@cgroup, 0xffffffffffffffff, 0x33, 0x200c, 0x0, @link_id}, 0x20)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cgroup.events\x00', 0x0, 0x0)

1.849643528s ago: executing program 2 (id=1291):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000800000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x6000)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f00000011c0)={{0x2, 0x0, @multicast1}, {0x0, @broadcast}, 0x68, {0x2, 0x0, @broadcast}, 'veth1_macvtap\x00'})
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$CAN_RAW_FD_FRAMES(0xffffffffffffffff, 0x65, 0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$can_raw(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0), 0x10, 0x0}, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f00000000c0)="91685102d300000013000010888e", 0xe, 0x0, &(0x7f0000000080)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @broadcast}, 0x14)
syz_open_procfs(0x0, &(0x7f00000000c0)='net/dev\x00')
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000280)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001500)={0x30, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98f}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}]}, 0x30}}, 0x0)
r6 = syz_open_dev$sndctrl(&(0x7f0000000640), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_READ(r6, 0xc008551a, &(0x7f0000000100)={0x2, 0x8, [0x0, 0x0]})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r9, &(0x7f0000000240), 0x208e24b)
setsockopt$MRT6_PIM(r9, 0x29, 0xcf, &(0x7f0000000540), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r9, 0x0)
r10 = dup(r8)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r11 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r11, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000200)="2e0400001d008104e00f80ecdb4cb9f207c804a00d000000880802fb0a000200250ada1b40d8080cc500c50083b8", 0xfec9}], 0x1, 0x0, 0x0, 0x5865}, 0x0)

850.866271ms ago: executing program 0 (id=1292):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xd, &(0x7f0000000040), 0x5b)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x1)
openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r2 = socket$inet(0x2, 0x0, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000004c0)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x0, 0x27, 0x0, "98d3340600c7aa11897ecaab876eab79576839c5656be8410f2802e944af80373be2666b665770173fbd1883303b6ac4749393ad08f139a68f00"}, 0xd8)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x1, 0xfffb, 0x5, 0x1}, 0x48)
clock_gettime(0x0, 0x0)
recvmmsg(r2, &(0x7f0000000280)=[{{&(0x7f00000001c0)=@phonet, 0x80, &(0x7f0000000100)=[{&(0x7f00000005c0)=""/217, 0xd9}], 0x1, &(0x7f0000000840)=""/203, 0xcb}, 0x5}], 0x1, 0x10042, &(0x7f0000000400))
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000480)={0x12, 0x1, 0x0, "8eb8a828e93b07f1dd06da7a41bfeac48048beb159fbba176fb1de26098c68d9"})

591.250966ms ago: executing program 4 (id=1293):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000040)={{0x3}})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x5, 0xf, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffec4, 0x0, 0x0, 0x0}, 0x90)
fsetxattr(r5, &(0x7f00000000c0)=@random={'os2.', '\x00'}, &(0x7f0000000100)='+:[^$,\\\x00', 0x8, 0x2)
openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x80c02, 0x0)

0s ago: executing program 3 (id=1294):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={0x0, &(0x7f0000000180)=""/96, 0x110, 0x60}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0x20, &(0x7f0000000200)={&(0x7f0000000440)=""/80, 0x50, <r1=>0x0, &(0x7f0000000c00)=""/190, 0xbe}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, 0x0, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='cgroup.controllers\x00', 0x275a, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001280)=@base={0x2, 0x4, 0x2, 0xc, 0x1400}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100000000a0000000000000000000850000006d00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mount$tmpfs(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000480), 0x0, 0x0)
write$binfmt_script(r2, &(0x7f0000000380), 0x208e24b)
readv(r2, &(0x7f00000001c0)=[{&(0x7f00000006c0)=""/211, 0xd3}, {&(0x7f00000007c0)=""/177, 0xb1}], 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000240), 0x3af4701e)
sendfile(r2, r2, &(0x7f0000000000)=0x8, 0x4)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000bc0)='./bus\x00', 0x1008002, &(0x7f0000000280)={[{@grpquota}, {@delalloc}, {@noblock_validity}, {@debug}, {@test_dummy_encryption}, {@jqfmt_vfsold}, {@nomblk_io_submit}, {@noauto_da_alloc}]}, 0x1, 0x5d8, &(0x7f00000005c0)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")

kernel console output (not intermixed with test programs):

tsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  404.126302][ T5144] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  404.137609][ T5144] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  404.167888][ T5144] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  404.204338][ T5144] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  404.239275][ T5144] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  404.256859][ T5144] usb 1-1: Product: syz
[  404.265785][ T5144] usb 1-1: Manufacturer: syz
[  404.298812][ T5144] usb 1-1: SerialNumber: syz
[  404.979477][ T2899] team0 (unregistering): Port device team_slave_1 removed
[  405.148016][ T2899] team0 (unregistering): Port device team_slave_0 removed
[  405.271310][ T4491] Bluetooth: hci4: command tx timeout
[  406.069579][ T4491] Bluetooth: hci1: command tx timeout
[  406.097068][ T7449] BTRFS info (device loop3): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  406.821825][ T9606] loop4: detected capacity change from 0 to 128
[  406.851264][ T9606] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  406.864297][ T9606] ext4 filesystem being mounted at /143/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  407.156126][ T6365] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  407.173208][ T5144] cdc_ncm 1-1:1.0: bind() failure
[  407.183173][ T5144] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  407.239573][ T5144] cdc_ncm 1-1:1.1: bind() failure
[  407.271127][ T5144] usb 1-1: USB disconnect, device number 11
[  407.304169][ T9497] bridge0: port 1(bridge_slave_0) entered blocking state
[  407.349781][ T4491] Bluetooth: hci4: command tx timeout
[  407.351212][ T9497] bridge0: port 1(bridge_slave_0) entered disabled state
[  407.380212][ T9615] netlink: 20 bytes leftover after parsing attributes in process `syz.4.935'.
[  407.381709][ T9497] bridge_slave_0: entered allmulticast mode
[  407.401186][ T9497] bridge_slave_0: entered promiscuous mode
[  407.477244][ T9497] bridge0: port 2(bridge_slave_1) entered blocking state
[  407.503267][ T9497] bridge0: port 2(bridge_slave_1) entered disabled state
[  407.541061][ T9497] bridge_slave_1: entered allmulticast mode
[  407.561991][ T9497] bridge_slave_1: entered promiscuous mode
[  407.704611][ T9497] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  407.770068][ T9497] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  408.058129][ T5144] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  408.068535][ T9497] team0: Port device team_slave_0 added
[  408.172842][ T9497] team0: Port device team_slave_1 added
[  408.296936][ T5144] usb 1-1: Using ep0 maxpacket: 32
[  408.304807][ T5144] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  408.333201][ T5144] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  408.347842][ T9497] batman_adv: batadv0: Adding interface: batadv_slave_0
[  408.365988][ T5144] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  408.368117][ T9497] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  408.393342][ T5144] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  408.436788][ T9497] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  408.439024][ T5144] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  408.457797][ T5144] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  408.472830][ T5144] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  408.485606][ T9497] batman_adv: batadv0: Adding interface: batadv_slave_1
[  408.492714][ T5144] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  408.500896][ T9497] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  408.527126][ T5144] usb 1-1: Product: syz
[  408.532725][ T5144] usb 1-1: Manufacturer: syz
[  408.538766][ T5144] usb 1-1: SerialNumber: syz
[  408.562550][ T9497] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  408.575938][ T9638] binder: 9618:9638 ioctl c0046209 0 returned -22
[  408.861808][ T9641] loop3: detected capacity change from 0 to 1024
[  408.883436][ T5144] cdc_ncm 1-1:1.0: bind() failure
[  408.887925][ T9641] EXT4-fs: Ignoring removed nomblk_io_submit option
[  408.932791][ T5144] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  408.975467][ T5144] cdc_ncm 1-1:1.1: bind() failure
[  409.012140][ T9641] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a840c018, mo2=0002]
[  409.012744][ T5144] usb 1-1: USB disconnect, device number 12
[  409.054541][ T9641] System zones: 0-1, 3-12
[  409.067933][ T9641] EXT4-fs (loop3): mounted filesystem 00000000-0500-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  409.185856][ T9497] hsr_slave_0: entered promiscuous mode
[  409.213792][ T9641] EXT4-fs error (device loop3): ext4_find_dest_de:2066: inode #2: block 16: comm syz.3.939: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=21519, rec_len=0, size=1024 fake=0
[  409.235231][ T9497] hsr_slave_1: entered promiscuous mode
[  409.253793][ T9497] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  409.275831][ T9497] Cannot create hsr debugfs directory
[  409.338659][ T7449] EXT4-fs (loop3): unmounting filesystem 00000000-0500-0000-0000-000000000000.
[  409.427966][ T4491] Bluetooth: hci4: command tx timeout
[  409.622908][ T9570] chnl_net:caif_netlink_parms(): no params data found
[  409.790872][ T2899] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  410.110637][ T2899] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  410.521385][ T2899] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  410.799371][ T2899] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  410.970472][   T29] audit: type=1326 audit(1720020927.124:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9653 comm="syz.0.941" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2295b75bd9 code=0x0
[  411.389020][ T9570] bridge0: port 1(bridge_slave_0) entered blocking state
[  411.451721][ T9570] bridge0: port 1(bridge_slave_0) entered disabled state
[  411.494999][ T9570] bridge_slave_0: entered allmulticast mode
[  411.510445][ T4491] Bluetooth: hci4: command tx timeout
[  411.545254][ T9570] bridge_slave_0: entered promiscuous mode
[  411.563931][ T9679] loop0: detected capacity change from 0 to 128
[  411.568374][ T9570] bridge0: port 2(bridge_slave_1) entered blocking state
[  411.597432][ T9570] bridge0: port 2(bridge_slave_1) entered disabled state
[  411.606339][ T9570] bridge_slave_1: entered allmulticast mode
[  411.631783][ T9570] bridge_slave_1: entered promiscuous mode
[  411.670686][ T9679] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  411.722367][ T9679] ext4 filesystem being mounted at /188/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  411.848757][ T5640] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  411.864849][ T9570] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  411.959576][ T9570] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  412.115048][ T9687] netlink: 20 bytes leftover after parsing attributes in process `syz.3.945'.
[  412.482210][ T5197] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  412.701663][ T5197] usb 1-1: Using ep0 maxpacket: 32
[  412.740962][ T5197] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  412.755912][ T9570] team0: Port device team_slave_0 added
[  412.790149][ T9570] team0: Port device team_slave_1 added
[  412.799318][ T5197] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  412.867022][ T5197] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  412.903863][ T5197] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  412.916953][ T5197] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  412.973908][ T5197] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  413.011843][ T5197] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  413.024532][ T5197] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.036516][ T5197] usb 1-1: Product: syz
[  413.049655][ T5197] usb 1-1: Manufacturer: syz
[  413.060489][ T5197] usb 1-1: SerialNumber: syz
[  413.191460][ T2899] bridge_slave_1: left allmulticast mode
[  413.206709][ T2899] bridge_slave_1: left promiscuous mode
[  413.227159][ T2899] bridge0: port 2(bridge_slave_1) entered disabled state
[  413.355967][ T2899] bridge_slave_0: left allmulticast mode
[  413.376181][ T2899] bridge_slave_0: left promiscuous mode
[  413.398839][ T2899] bridge0: port 1(bridge_slave_0) entered disabled state
[  413.426341][ T9714] loop4: detected capacity change from 0 to 1024
[  413.462854][ T9714] EXT4-fs: Ignoring removed nomblk_io_submit option
[  413.513345][ T9714] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a840c018, mo2=0002]
[  413.539551][ T9714] System zones: 0-1, 3-12
[  413.574759][ T9714] EXT4-fs (loop4): mounted filesystem 00000000-0500-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  413.636049][ T9714] EXT4-fs error (device loop4): ext4_find_dest_de:2066: inode #2: block 16: comm syz.4.948: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=21519, rec_len=0, size=1024 fake=0
[  413.782825][ T6365] EXT4-fs (loop4): unmounting filesystem 00000000-0500-0000-0000-000000000000.
[  414.332640][   T29] audit: type=1326 audit(1720020930.504:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9722 comm="syz.4.951" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb2d6b75bd9 code=0x0
[  415.121022][ T9729] loop4: detected capacity change from 0 to 128
[  415.180065][ T9730] binder: 9720:9730 ioctl c0046209 0 returned -22
[  415.260987][ T9729] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  415.318103][ T9729] ext4 filesystem being mounted at /150/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  415.518621][ T6365] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  415.970977][ T2899] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  415.999570][ T2899] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  416.018075][ T2899] bond0 (unregistering): Released all slaves
[  416.249347][ T9570] batman_adv: batadv0: Adding interface: batadv_slave_0
[  416.266838][ T9570] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  416.310233][ T9570] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  416.351029][ T9570] batman_adv: batadv0: Adding interface: batadv_slave_1
[  416.360348][ T9570] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  416.398939][ T9570] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  416.489369][ T5197] cdc_ncm 1-1:1.0: bind() failure
[  416.527259][ T5197] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  416.534743][ T5197] cdc_ncm 1-1:1.1: bind() failure
[  416.562467][ T5197] usb 1-1: USB disconnect, device number 13
[  416.968555][ T9570] hsr_slave_0: entered promiscuous mode
[  416.990651][ T9570] hsr_slave_1: entered promiscuous mode
[  417.012334][ T9570] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  417.051327][ T9570] Cannot create hsr debugfs directory
[  417.623492][ T2899] hsr_slave_0: left promiscuous mode
[  417.638796][ T2899] hsr_slave_1: left promiscuous mode
[  417.652654][ T2899] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  417.664232][ T2899] batman_adv: batadv0: Removing interface: batadv_slave_0
[  417.682336][ T2899] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  417.692706][ T2899] batman_adv: batadv0: Removing interface: batadv_slave_1
[  417.734755][ T2899] veth1_macvtap: left promiscuous mode
[  417.743708][ T2899] veth0_macvtap: left promiscuous mode
[  417.754107][ T2899] veth1_vlan: left promiscuous mode
[  417.763250][ T2899] veth0_vlan: left promiscuous mode
[  418.443199][ T9760] loop0: detected capacity change from 0 to 128
[  418.610021][ T9760] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  418.659255][ T9760] ext4 filesystem being mounted at /193/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  418.814658][   T29] audit: type=1326 audit(1720020934.994:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9757 comm="syz.3.960" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbf88975bd9 code=0x0
[  419.341098][ T5640] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  419.877043][ T9766] binder: 9761:9766 ioctl c0046209 0 returned -22
[  420.489325][ T2899] team0 (unregistering): Port device team_slave_1 removed
[  420.694036][ T2899] team0 (unregistering): Port device team_slave_0 removed
[  420.827974][ T9771] loop0: detected capacity change from 0 to 32768
[  420.836169][ T9771] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.963 (9771)
[  420.902159][ T9771] BTRFS info (device loop0): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  420.966900][ T9771] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  420.996458][ T9771] BTRFS info (device loop0): using free-space-tree
[  421.571271][ T5640] BTRFS info (device loop0): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  422.229966][ T9810] loop4: detected capacity change from 0 to 128
[  422.419901][ T9810] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  422.467257][ T9810] ext4 filesystem being mounted at /156/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  422.640370][ T6365] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  422.716660][    C0] DEBUG: waiting rtnl_mutex for 511 jiffies.
[  422.723379][    C0] task:dhcpcd          state:D stack:20672 pid:4761  tgid:4761  ppid:4760   flags:0x00004002
[  422.733787][    C0] Call Trace:
[  422.737161][    C0]  <TASK>
[  422.740249][    C0]  __schedule+0x1800/0x4a60
[  422.744945][    C0]  ? __pfx___schedule+0x10/0x10
[  422.749934][    C0]  ? __pfx_lock_release+0x10/0x10
[  422.755041][    C0]  ? __mutex_trylock_common+0x92/0x2e0
[  422.760644][    C0]  ? schedule+0x90/0x320
[  422.764981][    C0]  schedule+0x14b/0x320
[  422.769275][    C0]  schedule_preempt_disabled+0x13/0x30
[  422.774822][    C0]  __mutex_lock+0x6a4/0xd70
[  422.779437][    C0]  ? __mutex_lock+0x527/0xd70
[  422.784186][    C0]  ? rtnl_dumpit+0x9e/0x210
[  422.788897][    C0]  ? __pfx___mutex_lock+0x10/0x10
[  422.794015][    C0]  ? __alloc_skb+0x28f/0x440
[  422.798791][    C0]  ? __pfx___mutex_lock+0x10/0x10
[  422.803899][    C0]  ? get_rtnl_holder+0x144/0x190
[  422.809127][    C0]  ? __pfx_rtnl_dump_ifinfo+0x10/0x10
[  422.814570][    C0]  rtnl_dumpit+0x9e/0x210
[  422.819034][    C0]  netlink_dump+0x647/0xd80
[  422.823667][    C0]  ? __pfx_netlink_dump+0x10/0x10
[  422.828814][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  422.834875][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[  422.840200][    C0]  ? netlink_recvmsg+0x60a/0x11d0
[  422.845309][    C0]  ? kmem_cache_free+0x145/0x350
[  422.850407][    C0]  netlink_recvmsg+0x6bb/0x11d0
[  422.855360][    C0]  ? __pfx_netlink_recvmsg+0x10/0x10
[  422.860885][    C0]  ? __pfx_aa_sk_perm+0x10/0x10
[  422.865825][    C0]  ? __pfx___might_resched+0x10/0x10
[  422.871228][    C0]  ? aa_sock_msg_perm+0x91/0x160
[  422.876231][    C0]  ? bpf_lsm_socket_recvmsg+0x9/0x10
[  422.881731][    C0]  ? security_socket_recvmsg+0x90/0xb0
[  422.887299][    C0]  ? __pfx_netlink_recvmsg+0x10/0x10
[  422.892651][    C0]  sock_recvmsg+0x22f/0x280
[  422.897303][    C0]  ____sys_recvmsg+0x1db/0x470
[  422.902186][    C0]  ? __pfx_____sys_recvmsg+0x10/0x10
[  422.907647][    C0]  __sys_recvmsg+0x2f0/0x3e0
[  422.912323][    C0]  ? __pfx_lock_release+0x10/0x10
[  422.917504][    C0]  ? __pfx___sys_recvmsg+0x10/0x10
[  422.922724][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  422.929299][    C0]  ? do_syscall_64+0x100/0x230
[  422.934243][    C0]  ? do_syscall_64+0xb6/0x230
[  422.939061][    C0]  do_syscall_64+0xf3/0x230
[  422.943636][    C0]  ? clear_bhb_loop+0x35/0x90
[  422.948470][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  422.954437][    C0] RIP: 0033:0x7f007c58291e
[  422.958951][    C0] RSP: 002b:00007ffff5340878 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  422.967475][    C0] RAX: ffffffffffffffda RBX: 00007ffff53419a0 RCX: 00007f007c58291e
[  422.975490][    C0] RDX: 0000000000000000 RSI: 00007ffff53418c0 RDI: 0000000000000018
[  422.983557][    C0] RBP: 00007ffff5341930 R08: 0000000000000000 R09: 0000000000000000
[  422.991704][    C0] R10: 00000000000000ff R11: 0000000000000246 R12: 0000000000000ee8
[  422.999783][    C0] R13: 00007ffff53418a4 R14: 00007ffff53418c0 R15: 00007ffff53418b0
[  423.007874][    C0]  </TASK>
[  423.010919][    C0] DEBUG: holding rtnl_mutex for 540 jiffies.
[  423.016974][    C0] task:kworker/u8:9    state:D stack:21136 pid:2899  tgid:2899  ppid:2      flags:0x00004000
[  423.027249][    C0] Workqueue: netns cleanup_net
[  423.032084][    C0] Call Trace:
[  423.035407][    C0]  <TASK>
[  423.038430][    C0]  __schedule+0x1800/0x4a60
[  423.043015][    C0]  ? __pfx___schedule+0x10/0x10
[  423.048017][    C0]  ? __pfx_lock_release+0x10/0x10
[  423.053194][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  423.059193][    C0]  ? kthread_data+0x52/0xd0
[  423.063772][    C0]  ? wq_worker_sleeping+0x66/0x240
[  423.069039][    C0]  ? schedule+0x90/0x320
[  423.073349][    C0]  schedule+0x14b/0x320
[  423.077619][    C0]  synchronize_rcu_expedited+0x684/0x830
[  423.083315][    C0]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  423.089588][    C0]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  423.094950][    C0]  ? __pfx___might_resched+0x10/0x10
[  423.100327][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  423.106357][    C0]  ? __pfx_autoremove_wake_function+0x10/0x10
[  423.112515][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  423.118938][    C0]  synchronize_rcu+0x11b/0x360
[  423.123740][    C0]  ? __pfx_synchronize_rcu+0x10/0x10
[  423.129239][    C0]  lockdep_unregister_key+0x556/0x610
[  423.134689][    C0]  ? __pfx_lockdep_unregister_key+0x10/0x10
[  423.140772][    C0]  ? rcu_is_watching+0x15/0xb0
[  423.145621][    C0]  ? qdisc_reset+0x3bf/0x5b0
[  423.150321][    C0]  __qdisc_destroy+0x165/0x410
[  423.155129][    C0]  dev_shutdown+0x9b/0x440
[  423.159652][    C0]  unregister_netdevice_many_notify+0x9c7/0x1d20
[  423.166141][    C0]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  423.173008][    C0]  ? unregister_netdevice_queue+0x26b/0x370
[  423.179018][    C0]  ? batadv_softif_destroy_netlink+0x1e0/0x270
[  423.185413][    C0]  default_device_exit_batch+0xa0f/0xa90
[  423.191236][    C0]  ? __pfx___might_resched+0x10/0x10
[  423.196575][    C0]  ? __pfx_default_device_exit_batch+0x10/0x10
[  423.202878][    C0]  ? cfg802154_pernet_exit+0xc3/0xe0
[  423.208267][    C0]  ? __pfx_default_device_exit_batch+0x10/0x10
[  423.214478][    C0]  cleanup_net+0x89d/0xcc0
[  423.218994][    C0]  ? __pfx_cleanup_net+0x10/0x10
[  423.224004][    C0]  ? process_scheduled_works+0x945/0x1830
[  423.229855][    C0]  process_scheduled_works+0xa2c/0x1830
[  423.235490][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  423.241618][    C0]  ? assign_work+0x364/0x3d0
[  423.246266][    C0]  worker_thread+0x86d/0xd40
[  423.250954][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  423.257127][    C0]  ? __kthread_parkme+0x169/0x1d0
[  423.262223][    C0]  ? __pfx_worker_thread+0x10/0x10
[  423.267422][    C0]  kthread+0x2f0/0x390
[  423.271622][    C0]  ? __pfx_worker_thread+0x10/0x10
[  423.276825][    C0]  ? __pfx_kthread+0x10/0x10
[  423.281469][    C0]  ret_from_fork+0x4b/0x80
[  423.285914][    C0]  ? __pfx_kthread+0x10/0x10
[  423.290610][    C0]  ret_from_fork_asm+0x1a/0x30
[  423.295469][    C0]  </TASK>
[  423.298561][    C0] DEBUG: waiting rtnl_mutex for 569 jiffies.
[  423.304683][    C0] task:syz-executor    state:D stack:21024 pid:9497  tgid:9497  ppid:9459   flags:0x00004002
[  423.314949][    C0] Call Trace:
[  423.318330][    C0]  <TASK>
[  423.321280][    C0]  __schedule+0x1800/0x4a60
[  423.325856][    C0]  ? __pfx___schedule+0x10/0x10
[  423.330799][    C0]  ? __pfx_lock_release+0x10/0x10
[  423.335901][    C0]  ? __mutex_trylock_common+0x92/0x2e0
[  423.341660][    C0]  ? schedule+0x90/0x320
[  423.345965][    C0]  schedule+0x14b/0x320
[  423.350235][    C0]  schedule_preempt_disabled+0x13/0x30
[  423.355801][    C0]  __mutex_lock+0x6a4/0xd70
[  423.360436][    C0]  ? __mutex_lock+0x527/0xd70
[  423.365181][    C0]  ? nsim_create+0x408/0x890
[  423.369906][    C0]  ? __pfx___mutex_lock+0x10/0x10
[  423.375080][    C0]  ? kmemdup_noprof+0x45/0x60
[  423.379870][    C0]  ? nsim_udp_tunnels_info_create+0x592/0x7c0
[  423.386094][    C0]  ? get_rtnl_holder+0x144/0x190
[  423.391309][    C0]  nsim_create+0x408/0x890
[  423.395799][    C0]  ? debugfs_create_symlink+0x191/0x1f0
[  423.401470][    C0]  __nsim_dev_port_add+0x6c0/0xae0
[  423.406810][    C0]  ? __pfx___nsim_dev_port_add+0x10/0x10
[  423.412517][    C0]  ? queue_delayed_work_on+0x267/0x390
[  423.418092][    C0]  ? __pfx_lockdep_init_map_type+0x10/0x10
[  423.423972][    C0]  ? init_timer_key+0x197/0x310
[  423.428941][    C0]  nsim_dev_port_add_all+0x33/0xf0
[  423.434108][    C0]  nsim_drv_probe+0x85f/0xb80
[  423.438876][    C0]  ? __pfx_nsim_drv_probe+0x10/0x10
[  423.444119][    C0]  ? kernfs_create_link+0x187/0x1f0
[  423.449434][    C0]  ? sysfs_do_create_link_sd+0xdd/0x110
[  423.455121][    C0]  ? driver_sysfs_add+0x1de/0x1f0
[  423.460302][    C0]  ? really_probe+0x147/0xad0
[  423.465081][    C0]  ? __pfx_nsim_bus_probe+0x10/0x10
[  423.470405][    C0]  really_probe+0x2b8/0xad0
[  423.475097][    C0]  __driver_probe_device+0x1a2/0x390
[  423.480505][    C0]  driver_probe_device+0x50/0x430
[  423.485595][    C0]  __device_attach_driver+0x2d6/0x530
[  423.491101][    C0]  bus_for_each_drv+0x24e/0x2e0
[  423.496014][    C0]  ? __pfx___device_attach_driver+0x10/0x10
[  423.502031][    C0]  ? __pfx_bus_for_each_drv+0x10/0x10
[  423.507521][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  423.512799][    C0]  __device_attach+0x333/0x520
[  423.517704][    C0]  ? __pfx___device_attach+0x10/0x10
[  423.523053][    C0]  bus_probe_device+0x189/0x260
[  423.528020][    C0]  device_add+0x856/0xbf0
[  423.532403][    C0]  new_device_store+0x3f3/0x890
[  423.537353][    C0]  ? kernfs_fop_write_iter+0x1eb/0x500
[  423.542903][    C0]  ? __pfx_new_device_store+0x10/0x10
[  423.548394][    C0]  ? sysfs_kf_write+0x182/0x2a0
[  423.553308][    C0]  ? bus_attr_store+0x4f/0xa0
[  423.558132][    C0]  ? __pfx_sysfs_kf_write+0x10/0x10
[  423.563398][    C0]  kernfs_fop_write_iter+0x3a1/0x500
[  423.568802][    C0]  vfs_write+0xa72/0xc90
[  423.573093][    C0]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  423.579003][    C0]  ? __pfx_vfs_write+0x10/0x10
[  423.583816][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  423.589921][    C0]  ksys_write+0x1a0/0x2c0
[  423.594313][    C0]  ? __pfx_ksys_write+0x10/0x10
[  423.599273][    C0]  ? do_syscall_64+0x100/0x230
[  423.604171][    C0]  ? do_syscall_64+0xb6/0x230
[  423.608942][    C0]  do_syscall_64+0xf3/0x230
[  423.613497][    C0]  ? clear_bhb_loop+0x35/0x90
[  423.618279][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  423.624235][    C0] RIP: 0033:0x7f4d2d97475f
[  423.628756][    C0] RSP: 002b:00007fffc6dc6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  423.637277][    C0] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f4d2d97475f
[  423.645287][    C0] RDX: 0000000000000003 RSI: 00007fffc6dc6050 RDI: 0000000000000005
[  423.653445][    C0] RBP: 00007f4d2d9e45bb R08: 0000000000000000 R09: 00007fffc6dc5e57
[  423.661521][    C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  423.669614][    C0] R13: 00007fffc6dc6050 R14: 00007f4d2e634620 R15: 0000000000000003
[  423.677709][    C0]  </TASK>
[  423.680763][    C0] DEBUG: waiting rtnl_mutex for 607 jiffies.
[  423.686832][    C0] task:syz-executor    state:D stack:21024 pid:9570  tgid:9570  ppid:9547   flags:0x00004000
[  423.697191][    C0] Call Trace:
[  423.700508][    C0]  <TASK>
[  423.703510][    C0]  __schedule+0x1800/0x4a60
[  423.708131][    C0]  ? __pfx___schedule+0x10/0x10
[  423.713035][    C0]  ? __pfx_lock_release+0x10/0x10
[  423.718151][    C0]  ? __mutex_trylock_common+0x92/0x2e0
[  423.723682][    C0]  ? schedule+0x90/0x320
[  423.728027][    C0]  schedule+0x14b/0x320
[  423.732254][    C0]  schedule_preempt_disabled+0x13/0x30
[  423.737836][    C0]  __mutex_lock+0x6a4/0xd70
[  423.742382][    C0]  ? rcu_is_watching+0x15/0xb0
[  423.747224][    C0]  ? __mutex_lock+0x527/0xd70
[  423.751949][    C0]  ? rtnetlink_rcv_msg+0x847/0x1180
[  423.757341][    C0]  ? __pfx___mutex_lock+0x10/0x10
[  423.762434][    C0]  ? get_rtnl_holder+0x144/0x190
[  423.767486][    C0]  rtnetlink_rcv_msg+0x847/0x1180
[  423.772594][    C0]  ? rtnetlink_rcv_msg+0x208/0x1180
[  423.777921][    C0]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  423.783430][    C0]  ? is_bpf_text_address+0x285/0x2a0
[  423.788799][    C0]  ? __pfx_validate_chain+0x10/0x10
[  423.794051][    C0]  ? __pfx_validate_chain+0x10/0x10
[  423.799360][    C0]  ? arch_stack_walk+0x16d/0x1b0
[  423.804348][    C0]  ? mark_lock+0x9a/0x360
[  423.808900][    C0]  ? __pfx_validate_chain+0x10/0x10
[  423.814191][    C0]  ? __lock_acquire+0x1359/0x2000
[  423.819477][    C0]  ? mark_lock+0x9a/0x360
[  423.823895][    C0]  ? __lock_acquire+0x1359/0x2000
[  423.829062][    C0]  netlink_rcv_skb+0x1e3/0x430
[  423.833919][    C0]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  423.839518][    C0]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  423.844891][    C0]  ? netlink_deliver_tap+0x2e/0x1b0
[  423.850211][    C0]  netlink_unicast+0x7f0/0x990
[  423.855169][    C0]  ? __pfx_netlink_unicast+0x10/0x10
[  423.860674][    C0]  ? __virt_addr_valid+0x183/0x530
[  423.865942][    C0]  ? __check_object_size+0x49c/0x900
[  423.871322][    C0]  ? bpf_lsm_netlink_send+0x9/0x10
[  423.876487][    C0]  netlink_sendmsg+0x8e4/0xcb0
[  423.881362][    C0]  ? __pfx_netlink_sendmsg+0x10/0x10
[  423.886737][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  423.892863][    C0]  ? aa_sock_msg_perm+0x91/0x160
[  423.897918][    C0]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  423.903269][    C0]  ? security_socket_sendmsg+0x87/0xb0
[  423.908842][    C0]  ? __pfx_netlink_sendmsg+0x10/0x10
[  423.914181][    C0]  __sock_sendmsg+0x221/0x270
[  423.918968][    C0]  __sys_sendto+0x3a4/0x4f0
[  423.923520][    C0]  ? __pfx___sys_sendto+0x10/0x10
[  423.928671][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  423.934710][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  423.941167][    C0]  __x64_sys_sendto+0xde/0x100
[  423.946006][    C0]  do_syscall_64+0xf3/0x230
[  423.950622][    C0]  ? clear_bhb_loop+0x35/0x90
[  423.955354][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  423.961366][    C0] RIP: 0033:0x7f9afef7796c
[  423.965827][    C0] RSP: 002b:00007ffe53a73bb0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  423.974364][    C0] RAX: ffffffffffffffda RBX: 00007f9affc34620 RCX: 00007f9afef7796c
[  423.982457][    C0] RDX: 0000000000000054 RSI: 00007f9affc34670 RDI: 0000000000000003
[  423.990546][    C0] RBP: 0000000000000000 R08: 00007ffe53a73c04 R09: 000000000000000c
[  423.998624][    C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  424.006724][    C0] R13: 0000000000000000 R14: 00007f9affc34670 R15: 0000000000000000
[  424.014753][    C0]  </TASK>
[  424.017850][    C0] DEBUG: waiting rtnl_mutex for 576 jiffies.
[  424.023950][    C0] task:kworker/u8:8    state:D stack:20400 pid:2878  tgid:2878  ppid:2      flags:0x00004000
[  424.034325][    C0] Workqueue: ipv6_addrconf addrconf_dad_work
[  424.040523][    C0] Call Trace:
[  424.043836][    C0]  <TASK>
[  424.046861][    C0]  __schedule+0x1800/0x4a60
[  424.051518][    C0]  ? __pfx___schedule+0x10/0x10
[  424.056459][    C0]  ? __pfx_lock_release+0x10/0x10
[  424.061635][    C0]  ? __mutex_trylock_common+0x92/0x2e0
[  424.067244][    C0]  ? kthread_data+0x52/0xd0
[  424.071777][    C0]  ? schedule+0x90/0x320
[  424.076040][    C0]  ? wq_worker_sleeping+0x66/0x240
[  424.081269][    C0]  ? schedule+0x90/0x320
[  424.085607][    C0]  schedule+0x14b/0x320
[  424.089961][    C0]  schedule_preempt_disabled+0x13/0x30
[  424.095513][    C0]  __mutex_lock+0x6a4/0xd70
[  424.100151][    C0]  ? mark_lock+0x9a/0x360
[  424.104537][    C0]  ? __mutex_lock+0x527/0xd70
[  424.109342][    C0]  ? addrconf_dad_work+0xd0/0x16f0
[  424.114526][    C0]  ? __pfx___mutex_lock+0x10/0x10
[  424.119751][    C0]  ? get_rtnl_holder+0x144/0x190
[  424.124771][    C0]  addrconf_dad_work+0xd0/0x16f0
[  424.129919][    C0]  ? __pfx_addrconf_dad_work+0x10/0x10
[  424.135465][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  424.141917][    C0]  ? process_scheduled_works+0x945/0x1830
[  424.147719][    C0]  process_scheduled_works+0xa2c/0x1830
[  424.153397][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  424.159502][    C0]  ? assign_work+0x364/0x3d0
[  424.164136][    C0]  worker_thread+0x86d/0xd40
[  424.168862][    C0]  ? __kthread_parkme+0x169/0x1d0
[  424.173945][    C0]  ? __pfx_worker_thread+0x10/0x10
[  424.179169][    C0]  kthread+0x2f0/0x390
[  424.183414][    C0]  ? __pfx_worker_thread+0x10/0x10
[  424.188625][    C0]  ? __pfx_kthread+0x10/0x10
[  424.193302][    C0]  ret_from_fork+0x4b/0x80
[  424.197814][    C0]  ? __pfx_kthread+0x10/0x10
[  424.202466][    C0]  ret_from_fork_asm+0x1a/0x30
[  424.207364][    C0]  </TASK>
[  424.210420][    C0] DEBUG: waiting rtnl_mutex for 590 jiffies.
[  424.216410][    C0] task:kworker/1:6     state:D stack:22616 pid:5144  tgid:5144  ppid:2      flags:0x00004000
[  424.226689][    C0] Workqueue: events linkwatch_event
[  424.231959][    C0] Call Trace:
[  424.235261][    C0]  <TASK>
[  424.238282][    C0]  __schedule+0x1800/0x4a60
[  424.242885][    C0]  ? __pfx___schedule+0x10/0x10
[  424.247918][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  424.254083][    C0]  ? __pfx_lock_release+0x10/0x10
[  424.259307][    C0]  ? kick_pool+0x1bd/0x620
[  424.263794][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  424.269109][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[  424.274402][    C0]  ? schedule+0x90/0x320
[  424.278760][    C0]  schedule+0x14b/0x320
[  424.282975][    C0]  schedule_preempt_disabled+0x13/0x30
[  424.288514][    C0]  __mutex_lock+0x6a4/0xd70
[  424.293086][    C0]  ? __mutex_lock+0x527/0xd70
[  424.297861][    C0]  ? linkwatch_event+0xe/0x60
[  424.302591][    C0]  ? __pfx___mutex_lock+0x10/0x10
[  424.307721][    C0]  ? get_rtnl_holder+0x144/0x190
[  424.312727][    C0]  ? process_scheduled_works+0x945/0x1830
[  424.318569][    C0]  linkwatch_event+0xe/0x60
[  424.323143][    C0]  process_scheduled_works+0xa2c/0x1830
[  424.328829][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  424.334893][    C0]  ? assign_work+0x364/0x3d0
[  424.339717][    C0]  worker_thread+0x86d/0xd40
[  424.344374][    C0]  ? __kthread_parkme+0x169/0x1d0
[  424.349491][    C0]  ? __pfx_worker_thread+0x10/0x10
[  424.354690][    C0]  kthread+0x2f0/0x390
[  424.358891][    C0]  ? __pfx_worker_thread+0x10/0x10
[  424.364053][    C0]  ? __pfx_kthread+0x10/0x10
[  424.368858][    C0]  ret_from_fork+0x4b/0x80
[  424.373334][    C0]  ? __pfx_kthread+0x10/0x10
[  424.378108][    C0]  ret_from_fork_asm+0x1a/0x30
[  424.382941][    C0]  </TASK>
[  424.386009][    C0] 
[  424.386009][    C0] Showing all locks held in the system:
[  424.393829][    C0] 2 locks held by kworker/u8:2/35:
[  424.399565][    C0]  #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  424.411473][    C0]  #1: ffffc90000ab7d00 ((reaper_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  424.422313][    C0] 2 locks held by kworker/u8:3/52:
[  424.427479][    C0]  #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  424.439299][    C0]  #1: ffffc90000bc7d00 (connector_reaper_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  424.450482][    C0] 3 locks held by kworker/u8:8/2878:
[  424.455829][    C0]  #0: ffff88802a302148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  424.467658][    C0]  #1: ffffc900096efd00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  424.480618][    C0]  #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0
[  424.490178][    C0] 5 locks held by kworker/u8:9/2899:
[  424.495512][    C0]  #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  424.506518][    C0]  #1: ffffc9000996fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  424.517336][    C0]  #2: ffffffff8f5f2c10 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[  424.526894][    C0]  #3: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90
[  424.537044][    C0]  #4: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830
[  424.548101][    C0] 2 locks held by dhcpcd/4761:
[  424.552893][    C0]  #0: ffff88806efc1678 (nlk_cb_mutex-ROUTE){+.+.}-{3:3}, at: netlink_dump+0xcb/0xd80
[  424.562586][    C0]  #1: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_dumpit+0x9e/0x210
[  424.572229][    C0] 2 locks held by getty/4859:
[  424.576981][    C0]  #0: ffff88802ef610a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  424.586933][    C0]  #1: ffffc9000311b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10
[  424.597151][    C0] 3 locks held by kworker/1:6/5144:
[  424.602645][    C0]  #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  424.613833][    C0]  #1: ffffc90003e3fd00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  424.625030][    C0]  #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[  424.634190][    C0] 4 locks held by udevd/5203:
[  424.638981][    C0]  #0: ffff88806f0b92f0 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb7/0xd60
[  424.648001][    C0]  #1: ffff88802c177c88 (&of->mutex#2){+.+.}-{3:3}, at: kernfs_seq_start+0x53/0x3b0
[  424.657561][    C0]  #2: ffff888067fec698 (kn->active#5){++++}-{0:0}, at: kernfs_seq_start+0x72/0x3b0
[  424.667168][    C0]  #3: ffff88807c5f30e8 (&dev->mutex){....}-{3:3}, at: uevent_show+0x17d/0x340
[  424.676243][    C0] 3 locks held by syz-executor/6365:
[  424.681787][    C0]  #0: ffffffff8e40df88 (pcpu_alloc_mutex){+.+.}-{3:3}, at: pcpu_alloc_noprof+0x27f/0x16e0
[  424.691909][    C0]  #1: ffffc90000007c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650
[  424.702094][    C0]  #2: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[  424.712087][    C0] 1 lock held by syz-executor/7449:
[  424.717381][    C0]  #0: ffffffff8e40df88 (pcpu_alloc_mutex){+.+.}-{3:3}, at: pcpu_alloc_noprof+0x27f/0x16e0
[  424.727518][    C0] 7 locks held by syz-executor/9497:
[  424.732818][    C0]  #0: ffff88802f5a4420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x227/0xc90
[  424.741793][    C0]  #1: ffff88802975dc88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500
[  424.751656][    C0]  #2: ffff888022d3e4b8 (kn->active#50){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20f/0x500
[  424.761772][    C0]  #3: ffffffff8ef05248 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: new_device_store+0x1b4/0x890
[  424.772305][    C0]  #4: ffff88807c5f30e8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520
[  424.781763][    C0]  #5: ffff88807c5f4250 (&devlink->lock_key#15){+.+.}-{3:3}, at: nsim_drv_probe+0xcb/0xb80
[  424.791979][    C0]  #6: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: nsim_create+0x408/0x890
[  424.800997][    C0] 1 lock held by syz-executor/9570:
[  424.806333][    C0]  #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180
[  424.816224][    C0] 2 locks held by syz.0.968/9807:
[  424.821340][    C0]  #0: ffff888065b6dc08 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: sock_close+0x90/0x240
[  424.831673][    C0]  #1: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830
[  424.842666][    C0] 
[  424.845023][    C0] =============================================
[  424.845023][    C0] 
[  425.457331][   T29] audit: type=1326 audit(1720020941.634:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9814 comm="syz.4.972" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb2d6b75bd9 code=0x0
[  425.788056][ T9497] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  425.876063][ T9497] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  425.942490][ T9497] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  426.102356][ T9497] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  426.449208][ T9817] loop3: detected capacity change from 0 to 32768
[  427.225710][ T9497] 8021q: adding VLAN 0 to HW filter on device bond0
[  427.308203][ T9497] 8021q: adding VLAN 0 to HW filter on device team0
[  427.364299][ T1148] bridge0: port 1(bridge_slave_0) entered blocking state
[  427.371602][ T1148] bridge0: port 1(bridge_slave_0) entered forwarding state
[  427.457594][ T1148] bridge0: port 2(bridge_slave_1) entered blocking state
[  427.464903][ T1148] bridge0: port 2(bridge_slave_1) entered forwarding state
[  427.800831][ T9570] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  427.883281][ T9570] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  427.927653][ T9570] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  427.979489][ T9570] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  428.189286][ T9862] binder: 9846:9862 ioctl c0046209 0 returned -22
[  428.465560][ T9570] 8021q: adding VLAN 0 to HW filter on device bond0
[  428.592524][ T9570] 8021q: adding VLAN 0 to HW filter on device team0
[  428.631683][ T5144] bridge0: port 1(bridge_slave_0) entered blocking state
[  428.638979][ T5144] bridge0: port 1(bridge_slave_0) entered forwarding state
[  428.699542][ T9497] 8021q: adding VLAN 0 to HW filter on device batadv0
[  428.770667][ T5094] bridge0: port 2(bridge_slave_1) entered blocking state
[  428.777949][ T5094] bridge0: port 2(bridge_slave_1) entered forwarding state
[  429.016548][ T9497] veth0_vlan: entered promiscuous mode
[  429.104489][ T9497] veth1_vlan: entered promiscuous mode
[  429.309761][ T9497] veth0_macvtap: entered promiscuous mode
[  429.364721][ T9497] veth1_macvtap: entered promiscuous mode
[  429.469366][ T9497] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  429.496764][ T9497] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  429.555509][ T9497] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  429.585046][ T9497] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  429.606396][ T9858] loop4: detected capacity change from 0 to 32768
[  429.614237][ T9497] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  429.636341][ T9497] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  429.637528][ T9858] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.978 (9858)
[  429.663350][ T9497] batman_adv: batadv0: Interface activated: batadv_slave_0
[  429.687616][ T9497] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  429.716917][ T9497] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  429.736752][ T9497] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  429.751271][ T9858] BTRFS info (device loop4): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  429.786845][ T9858] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  429.805423][ T9497] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  429.830579][ T9858] BTRFS info (device loop4): using free-space-tree
[  429.840530][ T9497] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  429.885002][ T9497] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  429.938789][ T9497] batman_adv: batadv0: Interface activated: batadv_slave_1
[  430.013204][ T9497] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  430.073944][ T9497] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  430.110045][ T9497] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  430.139686][ T9497] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  430.271934][ T9570] 8021q: adding VLAN 0 to HW filter on device batadv0
[  430.380551][ T9902] loop3: detected capacity change from 0 to 128
[  430.470804][ T9902] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  430.488306][ T6365] BTRFS info (device loop4): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  430.537974][ T9902] ext4 filesystem being mounted at /123/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  430.656026][ T7449] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  430.718851][ T9570] veth0_vlan: entered promiscuous mode
[  430.755855][ T2899] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  430.831053][ T2899] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  430.879866][ T9570] veth1_vlan: entered promiscuous mode
[  431.238125][ T2899] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  431.266420][ T2899] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  431.406340][ T9570] veth0_macvtap: entered promiscuous mode
[  431.500149][ T9877] loop0: detected capacity change from 0 to 32768
[  431.504856][ T9570] veth1_macvtap: entered promiscuous mode
[  431.758529][ T9570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  431.777787][ T9570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  431.798580][ T9570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  431.849192][ T9921] loop1: detected capacity change from 0 to 16
[  431.873358][ T9570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  431.898930][ T9570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  431.915464][ T9921] erofs: (device loop1): mounted with root inode @ nid 36.
[  431.925289][ T9877] ERROR: (device loop0): diRead: i_ino != di_number
[  431.925289][ T9877] 
[  431.933798][ T9570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  431.980354][ T9877] ERROR: (device loop0): remounting filesystem as read-only
[  432.129385][ T9570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  432.200587][ T9570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  432.263752][ T9570] batman_adv: batadv0: Interface activated: batadv_slave_0
[  432.328106][ T9927] syz.1.907: attempt to access beyond end of device
[  432.328106][ T9927] loop1: rw=0, sector=8, nr_sectors = 16 limit=16
[  432.780549][ T9570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  432.792219][ T9570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  432.803589][ T9570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  432.814472][ T9570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  432.825305][ T9570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  432.836208][ T9570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  432.859658][ T9570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  432.916813][ T9570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  432.973348][ T9570] batman_adv: batadv0: Interface activated: batadv_slave_1
[  433.249310][ T9570] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  433.279317][ T9570] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  433.301049][ T9570] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  433.318872][ T9570] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  433.382986][   T29] audit: type=1326 audit(1720020949.554:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9931 comm="syz.1.986" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4d2d975bd9 code=0x0
[  433.799444][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  433.831657][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  433.933864][   T73] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  433.964093][   T73] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  435.242247][ T9943] loop0: detected capacity change from 0 to 32768
[  435.485424][ T9968] loop2: detected capacity change from 0 to 128
[  435.553117][ T9968] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  435.663743][ T9968] ext4 filesystem being mounted at /2/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  435.804324][ T9976] binder: 9960:9976 ioctl c0046209 0 returned -22
[  436.213488][ T9570] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  436.569775][    T8] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  436.741391][ T9994] loop4: detected capacity change from 0 to 16
[  436.767021][ T9994] erofs: (device loop4): mounted with root inode @ nid 36.
[  437.025784][    T8] usb 2-1: Using ep0 maxpacket: 32
[  437.038427][    T8] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  437.055178][    T8] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  437.068603][    T8] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  437.083560][    T8] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  437.141166][T10002] syz.4.995: attempt to access beyond end of device
[  437.141166][T10002] loop4: rw=0, sector=8, nr_sectors = 16 limit=16
[  437.805916][    T8] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  437.816364][    T8] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  437.843477][    T8] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  437.886964][    T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  437.911505][    T8] usb 2-1: Product: syz
[  437.937208][    T8] usb 2-1: Manufacturer: syz
[  438.127314][    T8] usb 2-1: SerialNumber: syz
[  438.441640][    T8] cdc_ncm 2-1:1.0: bind() failure
[  439.501821][    T8] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  439.589426][    T8] cdc_ncm 2-1:1.1: bind() failure
[  439.635071][    T8] usb 2-1: USB disconnect, device number 12
[  440.149852][T10033] loop1: detected capacity change from 0 to 128
[  440.370953][T10033] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  440.449784][T10033] ext4 filesystem being mounted at /3/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  440.520170][   T29] audit: type=1326 audit(1720020956.694:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10028 comm="syz.3.1002" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbf88975bd9 code=0x0
[  440.550184][ T1249] ieee802154 phy0 wpan0: encryption failed: -22
[  440.556816][ T1249] ieee802154 phy1 wpan1: encryption failed: -22
[  440.783180][ T9497] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  441.600117][T10059] binder: 10034:10059 ioctl c0046209 0 returned -22
[  442.009357][T10026] loop4: detected capacity change from 0 to 32768
[  444.605450][T10093] loop4: detected capacity change from 0 to 16
[  444.642736][T10093] erofs: (device loop4): mounted with root inode @ nid 36.
[  444.712218][T10098] loop3: detected capacity change from 0 to 128
[  444.859243][T10098] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  444.928804][T10098] ext4 filesystem being mounted at /131/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  445.072921][T10103] syz.4.1009: attempt to access beyond end of device
[  445.072921][T10103] loop4: rw=0, sector=8, nr_sectors = 16 limit=16
[  445.296842][ T1148] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  445.531764][ T7449] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  445.642070][ T1148] usb 3-1: Using ep0 maxpacket: 32
[  445.692961][ T1148] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  445.776887][ T1148] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  445.841463][ T1148] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  445.902165][T10109] binder: 10108:10109 ioctl c0046209 0 returned -22
[  445.943029][ T1148] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  446.027112][ T1148] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  446.057846][ T1148] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  446.091884][ T1148] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  446.108242][ T1148] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  446.127978][ T1148] usb 3-1: Product: syz
[  446.142786][ T1148] usb 3-1: Manufacturer: syz
[  446.160068][ T1148] usb 3-1: SerialNumber: syz
[  446.408395][ T1148] cdc_ncm 3-1:1.0: bind() failure
[  446.464124][ T1148] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  446.506001][ T1148] cdc_ncm 3-1:1.1: bind() failure
[  446.529064][ T1148] usb 3-1: USB disconnect, device number 11
[  446.910503][T10105] loop0: detected capacity change from 0 to 32768
[  446.919103][ T5146] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  446.928360][T10105] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1016 (10105)
[  446.989378][T10105] BTRFS info (device loop0): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  447.016862][T10105] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  447.037639][T10105] BTRFS info (device loop0): using free-space-tree
[  447.081176][T10111] loop4: detected capacity change from 0 to 32768
[  447.126849][ T5146] usb 2-1: Using ep0 maxpacket: 32
[  447.150323][ T5146] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  447.188991][ T5146] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  447.226813][ T5146] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  447.266764][ T5146] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  447.305781][ T5146] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  447.368895][ T5146] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  447.469570][ T5640] BTRFS info (device loop0): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  447.660840][ T5146] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  447.676943][ T5146] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  447.685032][ T5146] usb 2-1: Product: syz
[  447.706711][ T5146] usb 2-1: Manufacturer: syz
[  447.711401][ T5146] usb 2-1: SerialNumber: syz
[  448.003198][ T5146] cdc_ncm 2-1:1.0: bind() failure
[  448.043220][ T5146] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  448.090125][ T5146] cdc_ncm 2-1:1.1: bind() failure
[  448.137674][ T5146] usb 2-1: USB disconnect, device number 13
[  448.343422][T10150] loop2: detected capacity change from 0 to 128
[  448.441540][T10150] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  448.503688][T10150] ext4 filesystem being mounted at /10/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  448.800123][ T9570] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  448.992182][T10159] binder: 10156:10159 ioctl c0046209 0 returned -22
[  449.216819][   T29] audit: type=1326 audit(1720020965.374:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10143 comm="syz.0.1024" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2295b75bd9 code=0x0
[  451.665259][T10174] loop2: detected capacity change from 0 to 32768
[  451.903350][T10188] loop0: detected capacity change from 0 to 128
[  451.931703][T10176] loop1: detected capacity change from 0 to 32768
[  451.973521][T10188] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  452.009187][T10176] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1034 (10176)
[  452.025112][T10188] ext4 filesystem being mounted at /209/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  452.157971][T10176] BTRFS info (device loop1): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  452.184312][T10176] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  452.216890][T10176] BTRFS info (device loop1): using free-space-tree
[  452.241271][T10191] binder: 10190:10191 ioctl c0046209 0 returned -22
[  452.411071][ T5640] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  452.746654][ T9497] BTRFS info (device loop1): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  453.743903][T10220] netlink: 'syz.2.1040': attribute type 7 has an invalid length.
[  454.799639][T10238] netdevsim netdevsim0: Direct firmware load for ng failed with error -2
[  454.825993][T10238] netdevsim netdevsim0: Falling back to sysfs fallback for: ng
[  455.679303][T10244] binder: 10242:10244 ioctl c0046209 0 returned -22
[  456.179095][T10246] loop0: detected capacity change from 0 to 1024
[  456.204849][T10246] EXT4-fs: Ignoring removed nomblk_io_submit option
[  456.282627][T10246] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a840c018, mo2=0002]
[  456.382030][T10246] System zones: 0-1, 3-12
[  456.438399][T10246] EXT4-fs (loop0): mounted filesystem 00000000-0500-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  456.560201][ T4491] Bluetooth: hci2: command 0x0406 tx timeout
[  456.578881][ T5640] EXT4-fs (loop0): unmounting filesystem 00000000-0500-0000-0000-000000000000.
[  456.636935][   T29] audit: type=1326 audit(1720020972.804:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10228 comm="syz.3.1050" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbf88975bd9 code=0x0
[  458.506854][T10278] binder: 10273:10278 ioctl c0046209 0 returned -22
[  459.538921][T10282] netdevsim netdevsim3: Direct firmware load for ng failed with error -2
[  459.578275][T10282] netdevsim netdevsim3: Falling back to sysfs fallback for: ng
[  459.586321][T10287] loop1: detected capacity change from 0 to 1024
[  459.626212][T10287] EXT4-fs: Ignoring removed nomblk_io_submit option
[  459.707518][T10287] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a840c018, mo2=0002]
[  459.744249][T10287] System zones: 0-1, 3-12
[  459.814940][T10287] EXT4-fs (loop1): mounted filesystem 00000000-0500-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  460.048942][ T9497] EXT4-fs (loop1): unmounting filesystem 00000000-0500-0000-0000-000000000000.
[  460.710748][ T4491] Bluetooth: hci0: command 0x0406 tx timeout
[  461.069000][   T29] audit: type=1326 audit(1720020977.224:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10292 comm="syz.3.1066" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbf88975bd9 code=0x0
[  461.402233][T10307] loop0: detected capacity change from 0 to 16
[  461.469491][T10307] erofs: (device loop0): mounted with root inode @ nid 36.
[  461.558061][T10309] loop4: detected capacity change from 0 to 64
[  461.940906][T10313] syz.0.1070: attempt to access beyond end of device
[  461.940906][T10313] loop0: rw=0, sector=8, nr_sectors = 16 limit=16
[  463.566867][    T9] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  463.754215][   T29] audit: type=1326 audit(1720020979.934:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10323 comm="syz.1.1075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d2d975bd9 code=0x7fc00000
[  463.818916][T10328] netdevsim netdevsim4: Direct firmware load for ng failed with error -2
[  463.819848][   T29] audit: type=1326 audit(1720020979.964:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10323 comm="syz.1.1075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4d2d975bd9 code=0x7fc00000
[  463.853495][    T9] usb 1-1: Using ep0 maxpacket: 32
[  463.858945][T10328] netdevsim netdevsim4: Falling back to sysfs fallback for: ng
[  463.886728][    T9] usb 1-1: unable to get BOS descriptor or descriptor too short
[  463.909305][    T9] usb 1-1: unable to read config index 0 descriptor/start: -71
[  463.935497][    T9] usb 1-1: can't read configurations, error -71
[  464.606717][   T29] audit: type=1326 audit(1720020980.784:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10323 comm="syz.1.1075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d2d975bd9 code=0x7fc00000
[  465.747008][ T4491] Bluetooth: hci3: command 0x0406 tx timeout
[  465.754022][T10350] loop3: detected capacity change from 0 to 64
[  466.055503][T10353] loop3: detected capacity change from 0 to 16
[  466.099869][T10353] erofs: (device loop3): mounted with root inode @ nid 36.
[  466.102306][T10338] loop0: detected capacity change from 0 to 32768
[  466.199717][T10338] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1078 (10338)
[  466.436317][T10338] BTRFS info (device loop0): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  466.462014][T10338] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  466.896278][T10354] syz.3.1084: attempt to access beyond end of device
[  466.896278][T10354] loop3: rw=0, sector=8, nr_sectors = 16 limit=16
[  466.919433][T10338] BTRFS info (device loop0): using free-space-tree
[  466.974604][T10367] loop2: detected capacity change from 0 to 128
[  467.035038][T10367] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  467.078875][T10367] ext4 filesystem being mounted at /20/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  468.385537][ T9570] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  468.471484][ T5640] BTRFS info (device loop0): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  468.917536][   T29] audit: type=1326 audit(1720020985.094:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10387 comm="syz.1.1090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d2d975bd9 code=0x7fc00000
[  468.967223][   T29] audit: type=1326 audit(1720020985.104:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10387 comm="syz.1.1090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4d2d975bd9 code=0x7fc00000
[  469.498005][T10393] loop2: detected capacity change from 0 to 2048
[  469.717514][T10393]  loop2: p1 < > p4
[  469.749301][T10393] loop2: p4 size 8388608 extends beyond EOD, truncated
[  469.941978][ T6057] udevd[6057]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  469.964738][   T29] audit: type=1326 audit(1720020986.144:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10387 comm="syz.1.1090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d2d975bd9 code=0x7fc00000
[  470.044305][ T5098] udevd[5098]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  470.232925][ T4491] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  470.253455][ T4491] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  470.267159][ T4491] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  470.277526][ T4491] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  470.298669][ T4491] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  470.306348][ T4491] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  470.765102][T10411] loop1: detected capacity change from 0 to 64
[  470.856864][ T5094] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  470.905144][   T52] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  471.067283][ T5094] usb 1-1: Using ep0 maxpacket: 32
[  471.079221][T10418] loop1: detected capacity change from 0 to 16
[  471.124504][T10418] erofs: (device loop1): mounted with root inode @ nid 36.
[  471.141854][   T52] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  471.461358][T10422] loop2: detected capacity change from 0 to 128
[  471.543567][T10424] syz.1.1096: attempt to access beyond end of device
[  471.543567][T10424] loop1: rw=0, sector=8, nr_sectors = 16 limit=16
[  471.586859][ T4491] Bluetooth: hci4: command tx timeout
[  471.894431][T10422] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  472.207465][T10422] ext4 filesystem being mounted at /23/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  472.292620][   T52] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  472.387401][ T4491] Bluetooth: hci5: command tx timeout
[  472.475681][   T52] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  472.522259][ T9570] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  472.631304][ T5094] usb 1-1: unable to get BOS descriptor or descriptor too short
[  472.667957][ T5094] usb 1-1: unable to read config index 0 descriptor/start: -71
[  472.716391][ T5094] usb 1-1: can't read configurations, error -71
[  472.837908][T10397] chnl_net:caif_netlink_parms(): no params data found
[  472.981850][   T52] bridge_slave_1: left allmulticast mode
[  472.998024][   T52] bridge_slave_1: left promiscuous mode
[  473.016928][   T52] bridge0: port 2(bridge_slave_1) entered disabled state
[  473.041827][   T52] bridge0: port 1(bridge_slave_0) entered disabled state
[  473.325039][   T29] audit: type=1326 audit(1720020989.504:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10433 comm="syz.0.1100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2295b75bd9 code=0x7fc00000
[  473.354627][T10435] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1100'.
[  473.407990][   T29] audit: type=1326 audit(1720020989.534:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10433 comm="syz.0.1100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2295b75bd9 code=0x7fc00000
[  473.464007][T10428] loop1: detected capacity change from 0 to 32768
[  473.491107][T10428] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1098 (10428)
[  473.574947][T10428] BTRFS info (device loop1): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  473.636958][T10428] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  473.670015][ T4491] Bluetooth: hci4: command 0x0406 tx timeout
[  473.687115][T10428] BTRFS info (device loop1): using free-space-tree
[  474.151675][   T29] audit: type=1326 audit(1720020990.304:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10433 comm="syz.0.1100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2295b75bd9 code=0x7fc00000
[  474.499696][ T5104] Bluetooth: hci5: command tx timeout
[  474.560180][ T9497] BTRFS info (device loop1): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  475.759844][T10465] loop0: detected capacity change from 0 to 64
[  476.177569][   T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  476.240620][T10461] loop4: detected capacity change from 0 to 32768
[  476.243658][   T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  476.249560][T10461] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1103 (10461)
[  476.555651][ T5104] Bluetooth: hci5: command tx timeout
[  476.838978][   T52] bond0 (unregistering): Released all slaves
[  477.183307][T10478] loop2: detected capacity change from 0 to 128
[  477.189618][T10461] BTRFS info (device loop4): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  477.189718][T10461] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  477.189753][T10461] BTRFS info (device loop4): using free-space-tree
[  477.282835][T10485] loop0: detected capacity change from 0 to 16
[  477.313815][T10478] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  477.365470][T10485] erofs: (device loop0): mounted with root inode @ nid 36.
[  477.424352][T10478] ext4 filesystem being mounted at /25/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  477.870459][ T9570] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  477.899221][ T6365] BTRFS info (device loop4): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  477.913593][T10397] bridge0: port 1(bridge_slave_0) entered blocking state
[  477.933145][T10397] bridge0: port 1(bridge_slave_0) entered disabled state
[  477.957021][T10397] bridge_slave_0: entered allmulticast mode
[  478.007050][T10397] bridge_slave_0: entered promiscuous mode
[  478.042624][T10397] bridge0: port 2(bridge_slave_1) entered blocking state
[  478.078366][T10397] bridge0: port 2(bridge_slave_1) entered disabled state
[  478.085706][T10397] bridge_slave_1: entered allmulticast mode
[  478.097743][T10397] bridge_slave_1: entered promiscuous mode
[  478.438324][T10518] syz.0.1107: attempt to access beyond end of device
[  478.438324][T10518] loop0: rw=0, sector=8, nr_sectors = 16 limit=16
[  478.479890][T10397] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  478.512233][T10397] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  478.549284][    T8] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  478.626894][ T5104] Bluetooth: hci5: command tx timeout
[  478.734942][   T52] hsr_slave_0: left promiscuous mode
[  478.748469][   T52] hsr_slave_1: left promiscuous mode
[  478.756784][    T8] usb 3-1: Using ep0 maxpacket: 32
[  478.781115][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  478.814865][   T52] batman_adv: batadv0: Removing interface: batadv_slave_0
[  478.841121][   T29] audit: type=1326 audit(1720020995.024:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10522 comm="syz.4.1110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2d6b75bd9 code=0x7fc00000
[  478.864942][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  478.889032][   T52] batman_adv: batadv0: Removing interface: batadv_slave_1
[  478.894178][   T29] audit: type=1326 audit(1720020995.024:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10522 comm="syz.4.1110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb2d6b75bd9 code=0x7fc00000
[  479.003302][   T52] veth1_macvtap: left promiscuous mode
[  479.036780][   T52] veth0_macvtap: left promiscuous mode
[  479.042538][   T52] veth1_vlan: left promiscuous mode
[  479.067060][   T52] veth0_vlan: left promiscuous mode
[  479.592820][   T29] audit: type=1326 audit(1720020995.774:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10522 comm="syz.4.1110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2d6b75bd9 code=0x7fc00000
[  480.255961][    T8] usb 3-1: unable to get BOS descriptor or descriptor too short
[  480.297544][    T8] usb 3-1: unable to read config index 0 descriptor/start: -71
[  480.305322][    T8] usb 3-1: can't read configurations, error -71
[  480.341457][T10527] loop1: detected capacity change from 0 to 32768
[  480.375306][T10527] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1111 (10527)
[  480.439284][T10527] BTRFS info (device loop1): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  480.495802][T10527] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  480.531153][T10527] BTRFS info (device loop1): using free-space-tree
[  480.680894][T10539] loop0: detected capacity change from 0 to 64
[  481.430152][ T9497] BTRFS info (device loop1): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  481.871654][   T52] team0 (unregistering): Port device team_slave_1 removed
[  482.141253][   T52] team0 (unregistering): Port device team_slave_0 removed
[  482.144084][T10564] loop1: detected capacity change from 0 to 128
[  482.248549][T10564] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  482.268901][T10564] ext4 filesystem being mounted at /30/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  482.650343][ T9497] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  482.924586][T10571] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  483.489479][T10577] loop1: detected capacity change from 0 to 16
[  483.510693][T10577] erofs: (device loop1): mounted with root inode @ nid 36.
[  483.806010][T10581] kvm: emulating exchange as write
[  484.146674][    C0] DEBUG: waiting rtnl_mutex for 558 jiffies.
[  484.152773][    C0] task:syz-executor    state:D stack:21024 pid:10397 tgid:10397 ppid:10386  flags:0x00004000
[  484.163203][    C0] Call Trace:
[  484.166531][    C0]  <TASK>
[  484.169539][    C0]  __schedule+0x1800/0x4a60
[  484.174151][    C0]  ? __pfx___schedule+0x10/0x10
[  484.179131][    C0]  ? __pfx_lock_release+0x10/0x10
[  484.184222][    C0]  ? __mutex_trylock_common+0x92/0x2e0
[  484.189792][    C0]  ? schedule+0x90/0x320
[  484.194087][    C0]  schedule+0x14b/0x320
[  484.198332][    C0]  schedule_preempt_disabled+0x13/0x30
[  484.203844][    C0]  __mutex_lock+0x6a4/0xd70
[  484.208476][    C0]  ? __mutex_lock+0x527/0xd70
[  484.213220][    C0]  ? rtnetlink_rcv_msg+0x847/0x1180
[  484.218518][    C0]  ? __pfx___mutex_lock+0x10/0x10
[  484.223609][    C0]  ? get_rtnl_holder+0x144/0x190
[  484.228627][    C0]  rtnetlink_rcv_msg+0x847/0x1180
[  484.233868][    C0]  ? rtnetlink_rcv_msg+0x208/0x1180
[  484.239266][    C0]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  484.244795][    C0]  ? is_bpf_text_address+0x285/0x2a0
[  484.250354][    C0]  ? __pfx_validate_chain+0x10/0x10
[  484.255723][    C0]  ? __pfx_validate_chain+0x10/0x10
[  484.261034][    C0]  ? arch_stack_walk+0x16d/0x1b0
[  484.266031][    C0]  ? mark_lock+0x9a/0x360
[  484.270448][    C0]  ? __pfx_validate_chain+0x10/0x10
[  484.275712][    C0]  ? __lock_acquire+0x1359/0x2000
[  484.280835][    C0]  ? mark_lock+0x9a/0x360
[  484.285280][    C0]  ? __lock_acquire+0x1359/0x2000
[  484.290517][    C0]  netlink_rcv_skb+0x1e3/0x430
[  484.295351][    C0]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  484.300907][    C0]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  484.306284][    C0]  ? netlink_deliver_tap+0x2e/0x1b0
[  484.311592][    C0]  netlink_unicast+0x7f0/0x990
[  484.316438][    C0]  ? __pfx_netlink_unicast+0x10/0x10
[  484.321823][    C0]  ? __virt_addr_valid+0x183/0x530
[  484.327042][    C0]  ? __check_object_size+0x49c/0x900
[  484.332389][    C0]  ? bpf_lsm_netlink_send+0x9/0x10
[  484.337617][    C0]  netlink_sendmsg+0x8e4/0xcb0
[  484.342630][    C0]  ? __pfx_netlink_sendmsg+0x10/0x10
[  484.348013][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  484.354060][    C0]  ? aa_sock_msg_perm+0x91/0x160
[  484.359098][    C0]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  484.364446][    C0]  ? security_socket_sendmsg+0x87/0xb0
[  484.370034][    C0]  ? __pfx_netlink_sendmsg+0x10/0x10
[  484.375384][    C0]  __sock_sendmsg+0x221/0x270
[  484.380172][    C0]  __sys_sendto+0x3a4/0x4f0
[  484.384739][    C0]  ? __pfx___sys_sendto+0x10/0x10
[  484.389886][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  484.395930][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  484.402370][    C0]  __x64_sys_sendto+0xde/0x100
[  484.407260][    C0]  do_syscall_64+0xf3/0x230
[  484.411850][    C0]  ? clear_bhb_loop+0x35/0x90
[  484.416662][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  484.422613][    C0] RIP: 0033:0x7f7801b7796c
[  484.427102][    C0] RSP: 002b:00007ffd12c08f70 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  484.435570][    C0] RAX: ffffffffffffffda RBX: 00007f7802834620 RCX: 00007f7801b7796c
[  484.443637][    C0] RDX: 0000000000000068 RSI: 00007f7802834670 RDI: 0000000000000003
[  484.451706][    C0] RBP: 0000000000000000 R08: 00007ffd12c08fc4 R09: 000000000000000c
[  484.459761][    C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  484.467918][    C0] R13: 0000000000000000 R14: 00007f7802834670 R15: 0000000000000000
[  484.475957][    C0]  </TASK>
[  484.479061][    C0] DEBUG: holding rtnl_mutex for 587 jiffies.
[  484.485072][    C0] task:kworker/u8:3    state:R  running task     stack:20760 pid:52    tgid:52    ppid:2      flags:0x00004000
[  484.496987][    C0] Workqueue: netns cleanup_net
[  484.501902][    C0] Call Trace:
[  484.505213][    C0]  <TASK>
[  484.508221][    C0]  __schedule+0x1800/0x4a60
[  484.512795][    C0]  ? __pfx___schedule+0x10/0x10
[  484.517739][    C0]  ? __pfx_lock_release+0x10/0x10
[  484.522835][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  484.528828][    C0]  ? kthread_data+0x52/0xd0
[  484.533408][    C0]  ? wq_worker_sleeping+0x66/0x240
[  484.538629][    C0]  ? schedule+0x90/0x320
[  484.543119][    C0]  schedule+0x14b/0x320
[  484.547482][    C0]  synchronize_rcu_expedited+0x684/0x830
[  484.553214][    C0]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  484.559783][    C0]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  484.565150][    C0]  ? __pfx___might_resched+0x10/0x10
[  484.570560][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  484.576760][    C0]  ? __pfx_autoremove_wake_function+0x10/0x10
[  484.582953][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  484.589445][    C0]  synchronize_rcu+0x11b/0x360
[  484.594286][    C0]  ? __pfx_synchronize_rcu+0x10/0x10
[  484.599728][    C0]  lockdep_unregister_key+0x556/0x610
[  484.605268][    C0]  ? __pfx_lockdep_unregister_key+0x10/0x10
[  484.611290][    C0]  ? rcu_is_watching+0x15/0xb0
[  484.616148][    C0]  ? qdisc_reset+0x3bf/0x5b0
[  484.620898][    C0]  __qdisc_destroy+0x165/0x410
[  484.625742][    C0]  dev_shutdown+0x9b/0x440
[  484.630289][    C0]  unregister_netdevice_many_notify+0x9c7/0x1d20
[  484.636731][    C0]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  484.643603][    C0]  ? unregister_netdevice_queue+0x26b/0x370
[  484.649697][    C0]  ? batadv_softif_destroy_netlink+0x1e0/0x270
[  484.655949][    C0]  default_device_exit_batch+0xa0f/0xa90
[  484.661868][    C0]  ? __pfx___might_resched+0x10/0x10
[  484.667285][    C0]  ? __pfx_default_device_exit_batch+0x10/0x10
[  484.673524][    C0]  ? cfg802154_pernet_exit+0xc3/0xe0
[  484.678967][    C0]  ? __pfx_default_device_exit_batch+0x10/0x10
[  484.685211][    C0]  cleanup_net+0x89d/0xcc0
[  484.689778][    C0]  ? __pfx_cleanup_net+0x10/0x10
[  484.694797][    C0]  ? process_scheduled_works+0x945/0x1830
[  484.700684][    C0]  process_scheduled_works+0xa2c/0x1830
[  484.706342][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  484.712476][    C0]  ? assign_work+0x364/0x3d0
[  484.717181][    C0]  worker_thread+0x86d/0xd40
[  484.721861][    C0]  ? __kthread_parkme+0x169/0x1d0
[  484.727022][    C0]  ? __pfx_worker_thread+0x10/0x10
[  484.732211][    C0]  kthread+0x2f0/0x390
[  484.736370][    C0]  ? __pfx_worker_thread+0x10/0x10
[  484.741644][    C0]  ? __pfx_kthread+0x10/0x10
[  484.746305][    C0]  ret_from_fork+0x4b/0x80
[  484.750858][    C0]  ? __pfx_kthread+0x10/0x10
[  484.755558][    C0]  ret_from_fork_asm+0x1a/0x30
[  484.760487][    C0]  </TASK>
[  484.763559][    C0] DEBUG: waiting rtnl_mutex for 594 jiffies.
[  484.769689][    C0] task:dhcpcd          state:D stack:20672 pid:4761  tgid:4761  ppid:4760   flags:0x00000002
[  484.779970][    C0] Call Trace:
[  484.783296][    C0]  <TASK>
[  484.786274][    C0]  __schedule+0x1800/0x4a60
[  484.790964][    C0]  ? __pfx___schedule+0x10/0x10
[  484.795898][    C0]  ? __pfx_lock_release+0x10/0x10
[  484.801066][    C0]  ? __mutex_trylock_common+0x92/0x2e0
[  484.806691][    C0]  ? schedule+0x90/0x320
[  484.811007][    C0]  schedule+0x14b/0x320
[  484.815245][    C0]  schedule_preempt_disabled+0x13/0x30
[  484.820847][    C0]  __mutex_lock+0x6a4/0xd70
[  484.825441][    C0]  ? __mutex_lock+0x527/0xd70
[  484.830286][    C0]  ? devinet_ioctl+0x2ce/0x1bc0
[  484.835202][    C0]  ? __pfx___mutex_lock+0x10/0x10
[  484.840391][    C0]  ? bpf_lsm_capable+0x9/0x10
[  484.845143][    C0]  ? security_capable+0x90/0xb0
[  484.850201][    C0]  ? get_rtnl_holder+0x144/0x190
[  484.855224][    C0]  devinet_ioctl+0x2ce/0x1bc0
[  484.860233][    C0]  ? get_user_ifreq+0x1bb/0x200
[  484.865173][    C0]  inet_ioctl+0x3d7/0x4f0
[  484.869689][    C0]  ? __pfx_inet_ioctl+0x10/0x10
[  484.874681][    C0]  sock_do_ioctl+0x158/0x460
[  484.879437][    C0]  ? __pfx_sock_do_ioctl+0x10/0x10
[  484.884630][    C0]  ? __pfx_lock_release+0x10/0x10
[  484.889837][    C0]  sock_ioctl+0x629/0x8e0
[  484.894247][    C0]  ? __pfx_sock_ioctl+0x10/0x10
[  484.899252][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  484.905411][    C0]  ? bpf_lsm_file_ioctl+0x9/0x10
[  484.910486][    C0]  ? security_file_ioctl+0x87/0xb0
[  484.915669][    C0]  ? __pfx_sock_ioctl+0x10/0x10
[  484.920678][    C0]  __se_sys_ioctl+0xfc/0x170
[  484.925423][    C0]  do_syscall_64+0xf3/0x230
[  484.930080][    C0]  ? clear_bhb_loop+0x35/0x90
[  484.934920][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  484.941052][    C0] RIP: 0033:0x7f007c578d49
[  484.945532][    C0] RSP: 002b:00007ffff5341a08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  484.954081][    C0] RAX: ffffffffffffffda RBX: 00007f007c4aa6c0 RCX: 00007f007c578d49
[  484.962179][    C0] RDX: 00007ffff5351bf8 RSI: 0000000000008914 RDI: 0000000000000008
[  484.970306][    C0] RBP: 00007ffff5361db8 R08: 00007ffff5351bb8 R09: 00007ffff5351b68
[  484.978434][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  484.986470][    C0] R13: 00007ffff5351bf8 R14: 0000000000000028 R15: 0000000000008914
[  484.994588][    C0]  </TASK>
[  484.997709][    C0] 
[  484.997709][    C0] Showing all locks held in the system:
[  485.005473][    C0] 2 locks held by kworker/u8:1/12:
[  485.010710][    C0]  #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  485.022564][    C0]  #1: ffffc90000117d00 ((reaper_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  485.033456][    C0] 5 locks held by kworker/u8:3/52:
[  485.038672][    C0]  #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  485.049916][    C0]  #1: ffffc90000bc7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  485.060610][    C0]  #2: ffffffff8f5f2c10 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[  485.070282][    C0]  #3: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90
[  485.080570][    C0]  #4: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830
[  485.091691][    C0] 3 locks held by kworker/u8:9/2899:
[  485.097177][    C0]  #0: ffff88802a302148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  485.109047][    C0]  #1: ffffc9000996fd00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  485.122865][    C0]  #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30
[  485.132553][    C0] 1 lock held by dhcpcd/4761:
[  485.137415][    C0]  #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x2ce/0x1bc0
[  485.146812][    C0] 2 locks held by getty/4859:
[  485.151546][    C0]  #0: ffff88802ef610a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  485.161481][    C0]  #1: ffffc9000311b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10
[  485.171737][    C0] 3 locks held by kworker/1:5/5142:
[  485.177043][    C0]  #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  485.188175][    C0]  #1: ffffc90003dffd00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  485.199331][    C0]  #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[  485.208495][    C0] 2 locks held by kworker/u8:11/8064:
[  485.213925][    C0]  #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  485.225828][    C0]  #1: ffffc90004767d00 (connector_reaper_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  485.236958][    C0] 1 lock held by syz-executor/10397:
[  485.242316][    C0]  #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180
[  485.251989][    C0] 1 lock held by syz.2.1117/10568:
[  485.255495][T10583] loop0: detected capacity change from 0 to 32768
[  485.257200][    C0]  #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: dev_ethtool+0x21e/0x1bc0
[  485.272824][    C0] 1 lock held by syz.1.1122/10576:
[  485.278072][    C0]  #0: ffff888043b94d98 (&mm->mmap_lock){++++}-{3:3}, at: vm_mmap_pgoff+0x17c/0x3d0
[  485.279016][T10583] btrfs: Deprecated parameter 'usebackuproot'
[  485.287637][    C0] 3 locks held by syz.1.1122/10577:
[  485.287662][    C0]  #0: ffff888043b94d98 (&mm->mmap_lock){++++}-{3:3}, at: __mm_populate+0x1b0/0x460
[  485.287741][    C0]  #1: ffffc90000007c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650
[  485.287814][    C0]  #2: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[  485.287890][    C0] 1 lock held by syz.0.1123/10581:
[  485.287905][    C0] 
[  485.336233][T10583] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  485.336356][    C0] =============================================
[  485.336356][    C0] 
[  485.467688][T10583] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1123 (10583)
[  485.551264][T10589] loop4: detected capacity change from 0 to 64
[  485.601104][T10583] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  485.634646][T10583] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  485.747174][T10593] syz.1.1122: attempt to access beyond end of device
[  485.747174][T10593] loop1: rw=0, sector=8, nr_sectors = 16 limit=16
[  485.933289][   T73] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xb6fb6650 level 0
[  486.003494][T10583] BTRFS warning (device loop0): couldn't read tree root
[  486.027402][T10583] BTRFS warning (device loop0): try to load backup roots slot 1
[  486.038925][ T2878] BTRFS warning (device loop0): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x7a216cc0 level 0
[  486.116795][T10583] BTRFS warning (device loop0): couldn't read tree root
[  486.123847][T10583] BTRFS warning (device loop0): try to load backup roots slot 2
[  486.172197][ T1093] BTRFS error (device loop0): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  486.194087][T10583] BTRFS warning (device loop0): couldn't read tree root
[  486.246880][T10583] BTRFS warning (device loop0): try to load backup roots slot 3
[  486.333072][T10397] team0: Port device team_slave_0 added
[  486.357442][    T8] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  486.378938][T10583] BTRFS info (device loop0): rebuilding free space tree
[  486.395007][T10397] team0: Port device team_slave_1 added
[  486.527735][T10397] batman_adv: batadv0: Adding interface: batadv_slave_0
[  486.534761][T10397] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  486.620656][    T8] usb 5-1: Using ep0 maxpacket: 32
[  486.695081][T10397] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  486.753129][T10397] batman_adv: batadv0: Adding interface: batadv_slave_1
[  486.768764][T10583] BTRFS info (device loop0): disabling free space tree
[  486.774725][T10397] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  486.776006][T10583] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  486.846656][T10583] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  486.871360][T10397] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  487.129719][T10397] hsr_slave_0: entered promiscuous mode
[  487.143523][ T5640] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  487.157328][T10397] hsr_slave_1: entered promiscuous mode
[  487.901650][T10627] loop0: detected capacity change from 0 to 128
[  487.921598][    T8] usb 5-1: unable to get BOS descriptor or descriptor too short
[  487.950468][    T8] usb 5-1: unable to read config index 0 descriptor/start: -71
[  487.974960][    T8] usb 5-1: can't read configurations, error -71
[  488.031774][T10613] loop2: detected capacity change from 0 to 32768
[  488.044520][T10613] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1127 (10613)
[  488.045771][T10627] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  488.107807][T10613] BTRFS info (device loop2): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  488.144435][T10613] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  488.153682][T10627] ext4 filesystem being mounted at /232/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  488.184259][T10613] BTRFS info (device loop2): using free-space-tree
[  488.352382][ T5640] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  489.089353][ T9570] BTRFS info (device loop2): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  489.238233][T10660] 9pnet_fd: Insufficient options for proto=fd
[  490.241016][T10397] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  490.305240][T10397] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  490.510244][T10397] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  490.644086][T10397] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  491.243658][T10672] loop4: detected capacity change from 0 to 64
[  491.973339][T10397] 8021q: adding VLAN 0 to HW filter on device bond0
[  491.985191][T10689] loop4: detected capacity change from 0 to 16
[  492.037559][T10689] erofs: (device loop4): mounted with root inode @ nid 36.
[  492.068039][T10397] 8021q: adding VLAN 0 to HW filter on device team0
[  492.138130][ T5094] bridge0: port 1(bridge_slave_0) entered blocking state
[  492.145364][ T5094] bridge0: port 1(bridge_slave_0) entered forwarding state
[  492.196162][T10692] loop1: detected capacity change from 0 to 128
[  492.218109][ T5094] bridge0: port 2(bridge_slave_1) entered blocking state
[  492.225402][ T5094] bridge0: port 2(bridge_slave_1) entered forwarding state
[  492.389817][T10692] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  492.420223][T10692] ext4 filesystem being mounted at /35/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  492.451946][    C0] vkms_vblank_simulate: vblank timer overrun
[  492.549265][T10397] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  492.739460][ T9497] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  493.111951][T10711] syz.4.1138: attempt to access beyond end of device
[  493.111951][T10711] loop4: rw=0, sector=8, nr_sectors = 16 limit=16
[  493.200556][T10397] 8021q: adding VLAN 0 to HW filter on device batadv0
[  493.296953][ T5145] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  493.382533][T10397] veth0_vlan: entered promiscuous mode
[  493.425610][T10397] veth1_vlan: entered promiscuous mode
[  493.516982][ T5145] usb 2-1: Using ep0 maxpacket: 32
[  493.581451][T10397] veth0_macvtap: entered promiscuous mode
[  493.605562][T10397] veth1_macvtap: entered promiscuous mode
[  493.660689][T10397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  493.702142][T10397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  493.742406][T10397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  493.773153][T10397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  493.822558][T10397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  493.867899][T10397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  493.898390][T10397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  493.942159][T10397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  493.979949][T10397] batman_adv: batadv0: Interface activated: batadv_slave_0
[  494.054114][T10397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  494.088392][T10397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  494.108910][T10397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  494.128914][T10397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  494.151091][T10397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  494.174365][T10397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  494.198711][T10397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  494.222267][T10397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  494.255355][T10397] batman_adv: batadv0: Interface activated: batadv_slave_1
[  494.313240][T10397] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  494.347971][T10397] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  494.387568][T10397] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  494.436739][T10397] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  494.730329][ T1093] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  494.760350][ T1093] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  494.880695][ T1093] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  494.909008][ T1093] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  495.031474][ T5145] usb 2-1: unable to get BOS descriptor or descriptor too short
[  495.063697][ T5145] usb 2-1: unable to read config index 0 descriptor/start: -71
[  495.097130][ T5145] usb 2-1: can't read configurations, error -71
[  495.299273][T10722] loop0: detected capacity change from 0 to 32768
[  495.329317][T10722] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1141 (10722)
[  495.384629][T10739] netdevsim netdevsim3: Direct firmware load for ng failed with error -2
[  495.395478][T10739] netdevsim netdevsim3: Falling back to sysfs fallback for: ng
[  495.446306][T10722] BTRFS info (device loop0): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  495.495109][T10722] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  495.513306][T10722] BTRFS info (device loop0): using free-space-tree
[  496.105022][   T29] audit: type=1326 audit(1720021012.284:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10761 comm="syz.1.1144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d2d975bd9 code=0x7ffc0000
[  496.183573][ T5640] BTRFS info (device loop0): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  496.253149][   T29] audit: type=1326 audit(1720021012.324:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10761 comm="syz.1.1144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d2d975bd9 code=0x7ffc0000
[  496.348024][   T29] audit: type=1326 audit(1720021012.324:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10761 comm="syz.1.1144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f4d2d975bd9 code=0x7ffc0000
[  496.418437][T10769] vhci_hcd: default hub control req: 0006 v0000 i0000 l0
[  496.467155][   T29] audit: type=1326 audit(1720021012.324:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10761 comm="syz.1.1144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d2d975bd9 code=0x7ffc0000
[  496.577036][   T29] audit: type=1326 audit(1720021012.324:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10761 comm="syz.1.1144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d2d975bd9 code=0x7ffc0000
[  496.689701][   T29] audit: type=1326 audit(1720021012.344:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10761 comm="syz.1.1144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=245 compat=0 ip=0x7f4d2d975bd9 code=0x7ffc0000
[  496.744591][T10778] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  496.798846][T10779] loop4: detected capacity change from 0 to 128
[  496.806557][   T29] audit: type=1326 audit(1720021012.344:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10761 comm="syz.1.1144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d2d975bd9 code=0x7ffc0000
[  496.827328][T10778] Error parsing options; rc = [-22]
[  496.921613][   T29] audit: type=1326 audit(1720021012.344:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10761 comm="syz.1.1144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d2d975bd9 code=0x7ffc0000
[  496.968671][T10731] loop2: detected capacity change from 0 to 32768
[  496.969442][T10779] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  496.997496][T10731] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1142 (10731)
[  497.059016][T10779] ext4 filesystem being mounted at /191/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  497.101088][   T29] audit: type=1326 audit(1720021012.394:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10761 comm="syz.1.1144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4d2d975bd9 code=0x7ffc0000
[  497.196657][ T5104] Bluetooth: hci5: command tx timeout
[  497.212447][T10764] syz.1.1144: attempt to access beyond end of device
[  497.212447][T10764] nbd1: rw=6144, sector=128, nr_sectors = 8 limit=0
[  497.277406][   T29] audit: type=1326 audit(1720021012.394:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10761 comm="syz.1.1144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d2d975bd9 code=0x7ffc0000
[  497.350840][T10764] gfs2: error -5 reading superblock
[  497.524718][T10731] BTRFS info (device loop2): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  497.800814][ T6365] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  497.857062][T10731] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  498.176729][T10731] BTRFS info (device loop2): using free-space-tree
[  498.207894][T10731] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR
[  498.223376][T10731] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[  498.348304][T10731] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[  498.369275][T10731] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  498.471026][T10731] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  498.500350][T10731] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  498.560780][T10731] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  498.613340][T10731] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[  498.744689][T10814] binder: 10810:10814 ioctl c0046209 0 returned -22
[  498.872442][T10731] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  498.873334][T10731] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  498.957789][T10731] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  499.014301][T10731] BTRFS error (device loop2): open_ctree failed
[  499.399204][ T5094] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  499.629276][ T5094] usb 5-1: Using ep0 maxpacket: 32
[  500.291178][T10837] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1156'.
[  500.472842][ T5104] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  500.481912][ T5104] Bluetooth: hci1: Injecting HCI hardware error event
[  500.492846][ T5104] Bluetooth: hci1: hardware error 0x00
[  501.126756][ T5094] usb 5-1: unable to get BOS descriptor or descriptor too short
[  501.126850][T10845] loop3: detected capacity change from 0 to 4096
[  501.161272][ T5094] usb 5-1: unable to read config index 0 descriptor/start: -71
[  501.186716][ T5094] usb 5-1: can't read configurations, error -71
[  501.194705][T10845] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[  501.226826][T10848] loop2: detected capacity change from 0 to 128
[  501.240342][T10845] ntfs3: loop3: It is recommened to use chkdsk.
[  501.527539][T10829] loop1: detected capacity change from 0 to 32768
[  501.611358][T10829] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1155 (10829)
[  501.683574][   T29] kauditd_printk_skb: 54 callbacks suppressed
[  501.683623][   T29] audit: type=1800 audit(1720021017.864:244): pid=10851 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1160" name="bus" dev="loop2" ino=1048652 res=0 errno=0
[  501.989538][ T1249] ieee802154 phy0 wpan0: encryption failed: -22
[  501.996206][ T1249] ieee802154 phy1 wpan1: encryption failed: -22
[  502.366444][T10858] loop4: detected capacity change from 0 to 128
[  502.611249][ T5104] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  502.621631][T10858] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  503.071144][T10868] binder: 10860:10868 ioctl c0046209 0 returned -22
[  503.779452][ T5104] Bluetooth: hci5: command 0x0406 tx timeout
[  504.016458][T10858] ext4 filesystem being mounted at /194/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  505.617961][ T6365] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  506.449296][T10891] netdevsim netdevsim3: Direct firmware load for ng failed with error -2
[  506.532088][T10891] netdevsim netdevsim3: Falling back to sysfs fallback for: ng
[  506.883347][T10900] loop4: detected capacity change from 0 to 4096
[  506.896903][ T5142] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  506.923884][T10900] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512).
[  506.985167][T10900] ntfs3: loop4: It is recommened to use chkdsk.
[  507.107657][ T5142] usb 3-1: Using ep0 maxpacket: 32
[  507.796920][   T29] audit: type=1326 audit(1720021023.714:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10903 comm="syz.3.1175" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7801b75bd9 code=0x0
[  507.818869][    C1] vkms_vblank_simulate: vblank timer overrun
[  508.388202][ T4491] Bluetooth: hci5: command 0x0406 tx timeout
[  508.664614][T10898] loop0: detected capacity change from 0 to 32768
[  508.696266][ T5142] usb 3-1: unable to get BOS descriptor or descriptor too short
[  508.734061][ T5142] usb 3-1: unable to read config index 0 descriptor/start: -71
[  508.742639][ T5142] usb 3-1: can't read configurations, error -71
[  508.747070][T10898] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1173 (10898)
[  508.814228][T10915] binder: 10910:10915 ioctl c0046209 0 returned -22
[  510.761767][T10933] loop2: detected capacity change from 0 to 128
[  510.930417][T10933] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  511.126792][T10933] ext4 filesystem being mounted at /39/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  511.158617][    C0] vkms_vblank_simulate: vblank timer overrun
[  512.012995][ T9570] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  512.847414][T10961] binder: 10956:10961 ioctl c0046209 0 returned -22
[  513.156861][ T1148] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  513.357218][ T1148] usb 4-1: Using ep0 maxpacket: 32
[  513.744120][T10969] loop0: detected capacity change from 0 to 64
[  514.589240][ T1148] usb 4-1: unable to get BOS descriptor or descriptor too short
[  514.791858][ T1148] usb 4-1: unable to read config index 0 descriptor/start: -71
[  514.821826][ T1148] usb 4-1: can't read configurations, error -71
[  517.843311][T11012] binder: 11005:11012 ioctl c0046209 0 returned -22
[  519.929663][T11024] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  520.218974][ T1148] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  520.446958][ T1148] usb 3-1: Using ep0 maxpacket: 32
[  521.929758][ T1148] usb 3-1: unable to get BOS descriptor or descriptor too short
[  521.987271][ T1148] usb 3-1: unable to read config index 0 descriptor/start: -71
[  522.005603][ T1148] usb 3-1: can't read configurations, error -71
[  522.017298][T11036] loop3: detected capacity change from 0 to 64
[  524.096157][T11060] binder: 11049:11060 ioctl c0046209 0 returned -22
[  525.378184][T11068] loop2: detected capacity change from 0 to 2048
[  525.563967][T11068] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  525.626408][T11076] loop3: detected capacity change from 0 to 512
[  526.002847][T11076] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #15: comm syz.3.1222: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0)
[  526.031145][T11076] EXT4-fs error (device loop3): ext4_orphan_get:1399: comm syz.3.1222: couldn't read orphan inode 15 (err -117)
[  526.058785][T11076] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  526.077198][T11076] ext4 filesystem being mounted at /26/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  526.162181][ T9570] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  526.352976][T10397] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  526.369574][T11091] loop2: detected capacity change from 0 to 512
[  526.397745][ T5143] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  526.440737][T11091] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #15: comm syz.2.1226: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0)
[  526.568700][T11094] loop3: detected capacity change from 0 to 256
[  526.592232][T11091] EXT4-fs error (device loop2): ext4_orphan_get:1399: comm syz.2.1226: couldn't read orphan inode 15 (err -117)
[  526.636720][ T5143] usb 2-1: Using ep0 maxpacket: 32
[  526.669226][T11091] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  526.727054][T11091] ext4 filesystem being mounted at /46/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  526.814917][T11096] loop4: detected capacity change from 0 to 64
[  526.899350][ T9570] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  527.397996][T11101] binder: 11097:11101 ioctl c0046209 0 returned -22
[  528.203483][ T5143] usb 2-1: unable to get BOS descriptor or descriptor too short
[  528.266240][ T5143] usb 2-1: unable to read config index 0 descriptor/start: -71
[  528.305331][ T5143] usb 2-1: can't read configurations, error -71
[  529.478673][T11119] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  529.746971][T10850] Bluetooth: hci4: command 0x0406 tx timeout
[  531.166841][T11130] loop2: detected capacity change from 0 to 32768
[  531.287940][T11130] bcachefs (loop2): mounting version 1.7: mi_btree_bitmap opts=ro,metadata_checksum=none,data_checksum=none,nojournal_transaction_names
[  531.303529][T11130] bcachefs (loop2): recovering from clean shutdown, journal seq 8
[  531.314143][T11130] bcachefs (loop2): Version upgrade required:
[  531.314143][T11130] Version upgrade from 0.19: freespace to 1.7: mi_btree_bitmap incomplete
[  531.314143][T11130] Doing incompatible version upgrade from 0.19: freespace to 1.9: disk_accounting_v2
[  531.314143][T11130]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_subvolume_structure,check_directory_structure,check_nlinks,delete_dead_inodes,set_fs_needs_rebalance
[  531.443536][T11130] bcachefs (loop2): accounting_read... done
[  531.444264][T11131] loop4: detected capacity change from 0 to 1024
[  531.449670][T11130] bcachefs (loop2): alloc_read... done
[  531.462481][T11130] bcachefs (loop2): stripes_read... done
[  531.468405][T11130] bcachefs (loop2): snapshots_read... done
[  531.474466][T11130] bcachefs (loop2): check_allocations...
[  531.567155][T11130] bucket 0:121 gen 0 has wrong data_type: got free, should be sb, fixing
[  531.579334][T11142] netlink: 830 bytes leftover after parsing attributes in process `syz.0.1237'.
[  531.593821][T11130] bucket 0:121 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[  531.611497][T11130]  done
[  531.632483][T11130] bcachefs (loop2): going read-write
[  531.678753][T11130] bcachefs (loop2): journal_replay...
[  531.768386][T11131] EXT4-fs: Ignoring removed nomblk_io_submit option
[  531.985847][T11130]  done
[  531.989856][T11130] bcachefs (loop2): check_alloc_info... done
[  532.007330][T11130] bcachefs (loop2): check_lrus... done
[  532.023201][T11130] bcachefs (loop2): check_btree_backpointers... done
[  532.027738][T11131] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  532.044241][T11130] bcachefs (loop2): check_backpointers_to_extents... done
[  532.081359][T11130] bcachefs (loop2): check_extents_to_backpointers...
[  532.084270][T11130] missing backpointer for btree=inodes l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq efdd7a26d7396dd5 written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0
[  532.084358][T11130]   got:   u64s 5 type deleted 0:9961472:0 len 0 ver 0
[  532.084375][T11130]   want:  u64s 9 type backpointer 0:9961472:0 len 0 ver 0: bucket=0:38:0 btree=inodes l=1 offset=0:0 len=256 pos=SPOS_MAX, shutting down
[  532.133071][T11130] bcachefs (loop2): inconsistency detected - emergency read only at journal seq 19
[  532.143189][T11130] bcachefs (loop2): bch2_check_extents_to_backpointers(): error fsck_errors_not_fixed
[  532.153422][T11130] bcachefs (loop2): bch2_fs_recovery(): error fsck_errors_not_fixed
[  532.161551][T11130] bcachefs (loop2): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed
[  532.171259][T11130] bcachefs (loop2): shutting down
[  532.176327][T11130] bcachefs (loop2): going read-only
[  532.181687][T11130] bcachefs (loop2): finished waiting for writes to stop
[  532.189737][T11130] bcachefs (loop2): flushing journal and stopping allocators, journal seq 19
[  532.198808][T11130] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 19
[  532.210971][T11130] bcachefs (loop2): unshutdown complete, journal seq 19
[  532.219572][T11130] bcachefs (loop2): done going read-only, filesystem not clean
[  532.245133][T11130] bcachefs (loop2): shutdown complete
[  532.276209][T11131] EXT4-fs (loop4): Test dummy encryption mode enabled
[  532.537027][T11131] workqueue: Failed to create a rescuer kthread for wq "ext4-rsv-conversion": -EINTR
[  532.552432][T11131] EXT4-fs: failed to create workqueue
[  532.611081][T11131] EXT4-fs (loop4): mount failed
[  532.825618][T11130] syz.2.1236 (11130) used greatest stack depth: 11376 bytes left
[  532.941518][T11162] loop2: detected capacity change from 0 to 64
[  532.958866][T11159] loop1: detected capacity change from 0 to 1024
[  532.966388][T11159] EXT4-fs: Ignoring removed nomblk_io_submit option
[  533.308972][T11164] binder: 11160:11164 ioctl c0046209 0 returned -22
[  533.646962][T11159] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a840c018, mo2=0002]
[  533.808622][T11159] System zones: 0-1, 3-12
[  533.998257][T11159] EXT4-fs (loop1): mounted filesystem 00000000-0500-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  534.324642][ T9497] EXT4-fs (loop1): unmounting filesystem 00000000-0500-0000-0000-000000000000.
[  537.592001][T11213] loop2: detected capacity change from 0 to 32768
[  537.724777][T11213] bcachefs (loop2): mounting version 1.7: mi_btree_bitmap opts=ro,metadata_checksum=none,data_checksum=none,nojournal_transaction_names
[  537.739241][T11213] bcachefs (loop2): recovering from clean shutdown, journal seq 8
[  537.747889][T11213] bcachefs (loop2): Version upgrade required:
[  537.747889][T11213] Version upgrade from 0.19: freespace to 1.7: mi_btree_bitmap incomplete
[  537.747889][T11213] Doing incompatible version upgrade from 0.19: freespace to 1.9: disk_accounting_v2
[  537.747889][T11213]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_subvolume_structure,check_directory_structure,check_nlinks,delete_dead_inodes,set_fs_needs_rebalance
[  537.907058][T11213] bcachefs (loop2): accounting_read... done
[  537.913214][T11213] bcachefs (loop2): alloc_read... done
[  537.919556][T11213] bcachefs (loop2): stripes_read... done
[  537.925383][T11213] bcachefs (loop2): snapshots_read... done
[  537.931653][T11213] bcachefs (loop2): check_allocations...
[  537.983865][T11213] bucket 0:121 gen 0 has wrong data_type: got free, should be sb, fixing
[  538.001658][T11213] bucket 0:121 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[  538.016624][T11213]  done
[  538.028036][T11213] bcachefs (loop2): going read-write
[  538.034937][T11213] bcachefs (loop2): journal_replay... done
[  538.338949][T11213] bcachefs (loop2): check_alloc_info... done
[  538.359238][T11213] bcachefs (loop2): check_lrus... done
[  538.430118][T11213] bcachefs (loop2): check_btree_backpointers... done
[  538.442286][T11213] bcachefs (loop2): check_backpointers_to_extents... done
[  538.462099][T11213] bcachefs (loop2): check_extents_to_backpointers...
[  538.464600][T11213] missing backpointer for btree=inodes l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq efdd7a26d7396dd5 written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0
[  538.464629][T11213]   got:   u64s 5 type deleted 0:9961472:0 len 0 ver 0
[  538.464645][T11213]   want:  u64s 9 type backpointer 0:9961472:0 len 0 ver 0: bucket=0:38:0 btree=inodes l=1 offset=0:0 len=256 pos=SPOS_MAX, shutting down
[  538.517984][T11213] bcachefs (loop2): inconsistency detected - emergency read only at journal seq 22
[  538.527948][T11213] bcachefs (loop2): bch2_check_extents_to_backpointers(): error fsck_errors_not_fixed
[  538.538111][T11213] bcachefs (loop2): bch2_fs_recovery(): error fsck_errors_not_fixed
[  538.546133][T11213] bcachefs (loop2): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed
[  538.555850][T11213] bcachefs (loop2): shutting down
[  538.555851][ T5144] bcachefs (loop2): going read-only
[  538.568927][T11233] binder: 11231:11233 ioctl c0046209 0 returned -22
[  538.587355][T11230] loop3: detected capacity change from 0 to 1024
[  538.594870][T11230] EXT4-fs: Ignoring removed nomblk_io_submit option
[  538.616513][T11230] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  538.640998][T11230] EXT4-fs (loop3): Test dummy encryption mode enabled
[  538.646739][ T5144] bcachefs (loop2): finished waiting for writes to stop
[  538.655231][ T5144] bcachefs (loop2): flushing journal and stopping allocators, journal seq 22
[  538.688809][T11230] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c855c01c, mo2=0003]
[  538.692180][ T5144] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 22
[  538.778375][ T5144] bcachefs (loop2): unshutdown complete, journal seq 22
[  538.805294][ T5144] bcachefs (loop2): done going read-only, filesystem not clean
[  538.867258][T11213] bcachefs (loop2): shutdown complete
[  538.923264][T11230] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  539.600426][T11239] loop4: detected capacity change from 0 to 1024
[  540.071362][T11239] EXT4-fs: Ignoring removed nomblk_io_submit option
[  540.191515][T11239] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a840c018, mo2=0002]
[  540.297336][T11239] System zones: 0-1, 3-12
[  540.339647][T11239] EXT4-fs (loop4): mounted filesystem 00000000-0500-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  540.622335][ T6365] EXT4-fs (loop4): unmounting filesystem 00000000-0500-0000-0000-000000000000.
[  540.965317][T10397] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  540.987807][T11253] netlink: 830 bytes leftover after parsing attributes in process `syz.1.1262'.
[  541.448390][ T5144] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  541.792286][ T5144] usb 3-1: device descriptor read/64, error -71
[  542.916876][ T5144] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  543.208238][ T5144] usb 3-1: device descriptor read/64, error -71
[  543.493699][ T5144] usb usb3-port1: attempt power cycle
[  543.524280][T11289] loop3: detected capacity change from 0 to 16
[  543.535770][T11289] erofs: (device loop3): mounted with root inode @ nid 36.
[  543.543788][T11290] binder: 11284:11290 ioctl c0046209 0 returned -22
[  545.866235][T11319] loop0: detected capacity change from 0 to 1024
[  546.203426][T11319] EXT4-fs: Ignoring removed nomblk_io_submit option
[  546.611674][T11319] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  546.713936][T11327] netlink: 830 bytes leftover after parsing attributes in process `syz.4.1278'.
[  546.758984][T11319] EXT4-fs (loop0): Test dummy encryption mode enabled
[  547.126187][T11319] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c855c01c, mo2=0003]
[  547.334241][T11319] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  547.752895][T11342] binder: 11339:11342 ioctl c0046209 0 returned -22
[  548.878699][ T5640] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  549.103392][ T1093] tipc: Subscription rejected, illegal request
[  550.266682][T11370] loop1: detected capacity change from 0 to 32768
[  550.826509][T11370] bcachefs (loop1): mounting version 1.7: mi_btree_bitmap opts=ro,metadata_checksum=none,data_checksum=none,nojournal_transaction_names
[  550.840959][T11370] bcachefs (loop1): recovering from clean shutdown, journal seq 8
[  550.849217][T11370] bcachefs (loop1): Version upgrade required:
[  550.849217][T11370] Version upgrade from 0.19: freespace to 1.7: mi_btree_bitmap incomplete
[  550.849217][T11370] Doing incompatible version upgrade from 0.19: freespace to 1.9: disk_accounting_v2
[  550.849217][T11370]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_subvolume_structure,check_directory_structure,check_nlinks,delete_dead_inodes,set_fs_needs_rebalance
[  550.995297][T11370] bcachefs (loop1): accounting_read... done
[  551.001529][T11370] bcachefs (loop1): alloc_read... done
[  551.008075][T11370] bcachefs (loop1): stripes_read... done
[  551.013828][T11370] bcachefs (loop1): snapshots_read... done
[  551.019935][T11370] bcachefs (loop1): check_allocations...
[  551.219627][T11370] bucket 0:121 gen 0 has wrong data_type: got free, should be sb, fixing
[  551.234114][T11370] bucket 0:121 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[  551.245432][T11370]  done
[  551.258102][T11370] bcachefs (loop1): going read-write
[  551.274654][T11370] bcachefs (loop1): journal_replay...
[  551.422373][T11384] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1291'.
[  551.683381][T11370]  done
[  551.722504][T11370] bcachefs (loop1): check_alloc_info... done
[  551.736239][T11370] bcachefs (loop1): check_lrus... done
[  551.742883][T11370] bcachefs (loop1): check_btree_backpointers... done
[  551.750928][T11370] bcachefs (loop1): check_backpointers_to_extents... done
[  551.766856][T11370] bcachefs (loop1): check_extents_to_backpointers...
[  551.767582][T11370] missing backpointer for btree=inodes l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq efdd7a26d7396dd5 written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0
[  551.767602][T11370]   got:   u64s 5 type deleted 0:9961472:0 len 0 ver 0
[  551.767612][T11370]   want:  u64s 9 type backpointer 0:9961472:0 len 0 ver 0: bucket=0:38:0 btree=inodes l=1 offset=0:0 len=256 pos=SPOS_MAX, shutting down
[  551.813926][T11370] bcachefs (loop1): inconsistency detected - emergency read only at journal seq 20
[  551.823417][T11370] bcachefs (loop1): bch2_check_extents_to_backpointers(): error fsck_errors_not_fixed
[  551.833477][T11370] bcachefs (loop1): bch2_fs_recovery(): error fsck_errors_not_fixed
[  551.841592][T11370] bcachefs (loop1): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed
[  551.851196][T11370] bcachefs (loop1): shutting down
[  551.856251][T11370] bcachefs (loop1): going read-only
[  551.861636][T11370] bcachefs (loop1): flushing journal and stopping allocators, journal seq 20
[  551.870594][T11370] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 20
[  551.880615][T11370] bcachefs (loop1): unshutdown complete, journal seq 20
[  551.892653][T11370] bcachefs (loop1): finished waiting for writes to stop
[  551.900222][T11370] bcachefs (loop1): done going read-only, filesystem not clean
[  551.933980][T11370] bcachefs (loop1): shutdown complete
[  551.953796][ T5142] ==================================================================
[  551.961923][ T5142] BUG: KASAN: slab-use-after-free in percpu_ref_put+0xda/0x250
[  551.969485][ T5142] Read of size 8 at addr ffff888041f600b0 by task kworker/1:5/5142
[  551.977376][ T5142] 
[  551.979706][ T5142] CPU: 1 UID: 0 PID: 5142 Comm: kworker/1:5 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0
[  551.989947][ T5142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  552.000027][ T5142] Workqueue: bcachefs_write_ref bch2_do_discards_work
[  552.006929][ T5142] Call Trace:
[  552.010238][ T5142]  <TASK>
[  552.013282][ T5142]  dump_stack_lvl+0x241/0x360
[  552.018020][ T5142]  ? __pfx_dump_stack_lvl+0x10/0x10
[  552.023279][ T5142]  ? __pfx__printk+0x10/0x10
[  552.027926][ T5142]  ? _printk+0xd5/0x120
[  552.032142][ T5142]  ? __virt_addr_valid+0x183/0x530
[  552.037305][ T5142]  ? __virt_addr_valid+0x183/0x530
[  552.042563][ T5142]  print_report+0x169/0x550
[  552.047152][ T5142]  ? __virt_addr_valid+0x183/0x530
[  552.052415][ T5142]  ? __virt_addr_valid+0x183/0x530
[  552.057546][ T5142]  ? __virt_addr_valid+0x45f/0x530
[  552.062688][ T5142]  ? __phys_addr+0xba/0x170
[  552.067209][ T5142]  ? percpu_ref_put+0xda/0x250
[  552.071980][ T5142]  kasan_report+0x143/0x180
[  552.076508][ T5142]  ? kfree+0x4e/0x360
[  552.080533][ T5142]  ? percpu_ref_put+0xda/0x250
[  552.085304][ T5142]  ? percpu_ref_put+0x1f/0x250
[  552.090098][ T5142]  percpu_ref_put+0xda/0x250
[  552.094710][ T5142]  bch2_do_discards_work+0x286a/0x2d10
[  552.100181][ T5142]  ? __pfx_validate_chain+0x10/0x10
[  552.105404][ T5142]  ? mark_lock+0x9a/0x360
[  552.109750][ T5142]  ? bch2_do_discards_work+0x2ce/0x2d10
[  552.115340][ T5142]  ? __pfx_bch2_do_discards_work+0x10/0x10
[  552.121156][ T5142]  ? mark_lock+0x9a/0x360
[  552.125497][ T5142]  ? debug_object_deactivate+0x2d5/0x390
[  552.131149][ T5142]  ? __lock_acquire+0x1359/0x2000
[  552.136282][ T5142]  ? __pfx_lock_acquire+0x10/0x10
[  552.141324][ T5142]  ? bch2_do_discards_work+0x2ce/0x2d10
[  552.146883][ T5142]  ? process_scheduled_works+0x945/0x1830
[  552.152614][ T5142]  process_scheduled_works+0xa2c/0x1830
[  552.158209][ T5142]  ? __pfx_process_scheduled_works+0x10/0x10
[  552.164206][ T5142]  ? assign_work+0x364/0x3d0
[  552.168821][ T5142]  worker_thread+0x86d/0xd40
[  552.173429][ T5142]  ? __kthread_parkme+0x169/0x1d0
[  552.178487][ T5142]  ? __pfx_worker_thread+0x10/0x10
[  552.183632][ T5142]  kthread+0x2f0/0x390
[  552.187729][ T5142]  ? __pfx_worker_thread+0x10/0x10
[  552.192850][ T5142]  ? __pfx_kthread+0x10/0x10
[  552.197471][ T5142]  ret_from_fork+0x4b/0x80
[  552.201901][ T5142]  ? __pfx_kthread+0x10/0x10
[  552.206506][ T5142]  ret_from_fork_asm+0x1a/0x30
[  552.211318][ T5142]  </TASK>
[  552.214342][ T5142] 
[  552.216668][ T5142] Allocated by task 11370:
[  552.221085][ T5142]  kasan_save_track+0x3f/0x80
[  552.225792][ T5142]  __kasan_kmalloc+0x98/0xb0
[  552.230387][ T5142]  __kmalloc_cache_noprof+0x19c/0x2c0
[  552.235769][ T5142]  __bch2_dev_alloc+0x57/0xa60
[  552.240537][ T5142]  bch2_dev_alloc+0xd4/0x170
[  552.245133][ T5142]  bch2_fs_alloc+0x1f70/0x20a0
[  552.249915][ T5142]  bch2_fs_open+0x8cc/0xdf0
[  552.254447][ T5142]  bch2_fs_get_tree+0x750/0x16c0
[  552.259405][ T5142]  vfs_get_tree+0x90/0x2a0
[  552.263826][ T5142]  do_new_mount+0x2be/0xb40
[  552.268337][ T5142]  __se_sys_mount+0x2d6/0x3c0
[  552.273104][ T5142]  do_syscall_64+0xf3/0x230
[  552.277610][ T5142]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  552.283509][ T5142] 
[  552.285835][ T5142] Freed by task 11370:
[  552.289899][ T5142]  kasan_save_track+0x3f/0x80
[  552.294582][ T5142]  kasan_save_free_info+0x40/0x50
[  552.299710][ T5142]  poison_slab_object+0xe0/0x150
[  552.304700][ T5142]  __kasan_slab_free+0x37/0x60
[  552.309491][ T5142]  kfree+0x149/0x360
[  552.313408][ T5142]  kobject_put+0x22f/0x480
[  552.317842][ T5142]  bch2_fs_free+0x27b/0x3c0
[  552.322352][ T5142]  bch2_fs_get_tree+0xf6f/0x16c0
[  552.327300][ T5142]  vfs_get_tree+0x90/0x2a0
[  552.331722][ T5142]  do_new_mount+0x2be/0xb40
[  552.336225][ T5142]  __se_sys_mount+0x2d6/0x3c0
[  552.340909][ T5142]  do_syscall_64+0xf3/0x230
[  552.345414][ T5142]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  552.351316][ T5142] 
[  552.353642][ T5142] Last potentially related work creation:
[  552.359373][ T5142]  kasan_save_stack+0x3f/0x60
[  552.364143][ T5142]  __kasan_record_aux_stack+0xac/0xc0
[  552.369542][ T5142]  insert_work+0x3e/0x330
[  552.373876][ T5142]  __queue_work+0xc16/0xee0
[  552.378386][ T5142]  queue_work_on+0x1c2/0x380
[  552.382980][ T5142]  bch2_dev_do_discards+0x189/0x200
[  552.388183][ T5142]  bch2_do_discards+0x29/0x60
[  552.392862][ T5142]  journal_write_done+0x785/0xea0
[  552.397894][ T5142]  process_scheduled_works+0xa2c/0x1830
[  552.403459][ T5142]  worker_thread+0x86d/0xd40
[  552.408075][ T5142]  kthread+0x2f0/0x390
[  552.412164][ T5142]  ret_from_fork+0x4b/0x80
[  552.416594][ T5142]  ret_from_fork_asm+0x1a/0x30
[  552.421372][ T5142] 
[  552.423694][ T5142] Second to last potentially related work creation:
[  552.430275][ T5142]  kasan_save_stack+0x3f/0x60
[  552.434956][ T5142]  __kasan_record_aux_stack+0xac/0xc0
[  552.440343][ T5142]  insert_work+0x3e/0x330
[  552.444680][ T5142]  __queue_work+0xc16/0xee0
[  552.449207][ T5142]  queue_work_on+0x1c2/0x380
[  552.453807][ T5142]  bch2_dev_do_discards+0x189/0x200
[  552.459013][ T5142]  bch2_do_discards+0x29/0x60
[  552.463715][ T5142]  journal_write_done+0x785/0xea0
[  552.468748][ T5142]  process_scheduled_works+0xa2c/0x1830
[  552.474317][ T5142]  worker_thread+0x86d/0xd40
[  552.478920][ T5142]  kthread+0x2f0/0x390
[  552.483022][ T5142]  ret_from_fork+0x4b/0x80
[  552.487450][ T5142]  ret_from_fork_asm+0x1a/0x30
[  552.492325][ T5142] 
[  552.494649][ T5142] The buggy address belongs to the object at ffff888041f60000
[  552.494649][ T5142]  which belongs to the cache kmalloc-4k of size 4096
[  552.508718][ T5142] The buggy address is located 176 bytes inside of
[  552.508718][ T5142]  freed 4096-byte region [ffff888041f60000, ffff888041f61000)
[  552.522718][ T5142] 
[  552.525051][ T5142] The buggy address belongs to the physical page:
[  552.531559][ T5142] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x41f60
[  552.540338][ T5142] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  552.549022][ T5142] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  552.557063][ T5142] page_type: 0xfdffffff(slab)
[  552.561761][ T5142] raw: 00fff00000000040 ffff888015042140 0000000000000000 dead000000000001
[  552.570353][ T5142] raw: 0000000000000000 0000000000040004 00000001fdffffff 0000000000000000
[  552.578941][ T5142] head: 00fff00000000040 ffff888015042140 0000000000000000 dead000000000001
[  552.587612][ T5142] head: 0000000000000000 0000000000040004 00000001fdffffff 0000000000000000
[  552.596289][ T5142] head: 00fff00000000003 ffffea000107d801 ffffffffffffffff 0000000000000000
[  552.604963][ T5142] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  552.613635][ T5142] page dumped because: kasan: bad access detected
[  552.620061][ T5142] page_owner tracks the page as allocated
[  552.625957][ T5142] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5767, tgid 5767 (dhcpcd), ts 127655970402, free_ts 127602728804
[  552.647672][ T5142]  post_alloc_hook+0x1f3/0x230
[  552.652453][ T5142]  get_page_from_freelist+0x2ccb/0x2d80
[  552.658013][ T5142]  __alloc_pages_noprof+0x256/0x6c0
[  552.663228][ T5142]  alloc_slab_page+0x5f/0x120
[  552.667913][ T5142]  allocate_slab+0x5a/0x2f0
[  552.672419][ T5142]  ___slab_alloc+0xcd1/0x14b0
[  552.677096][ T5142]  __slab_alloc+0x58/0xa0
[  552.681430][ T5142]  __kmalloc_noprof+0x25a/0x400
[  552.686293][ T5142]  tomoyo_realpath_from_path+0xcf/0x5e0
[  552.691934][ T5142]  tomoyo_realpath_nofollow+0xba/0x100
[  552.697679][ T5142]  tomoyo_find_next_domain+0x272/0x1cf0
[  552.703360][ T5142]  tomoyo_bprm_check_security+0x115/0x180
[  552.709224][ T5142]  security_bprm_check+0x65/0x90
[  552.714184][ T5142]  bprm_execve+0xa56/0x1770
[  552.718706][ T5142]  do_execveat_common+0x553/0x700
[  552.723743][ T5142]  __x64_sys_execve+0x92/0xb0
[  552.728427][ T5142] page last free pid 5763 tgid 5763 stack trace:
[  552.734750][ T5142]  free_unref_page+0xd22/0xea0
[  552.739525][ T5142]  __slab_free+0x31b/0x3d0
[  552.743963][ T5142]  qlist_free_all+0x9e/0x140
[  552.748567][ T5142]  kasan_quarantine_reduce+0x14f/0x170
[  552.754031][ T5142]  __kasan_slab_alloc+0x23/0x80
[  552.758887][ T5142]  __kmalloc_noprof+0x1a6/0x400
[  552.763748][ T5142]  security_task_alloc+0x43/0x130
[  552.768778][ T5142]  copy_process+0x1692/0x3d90
[  552.773557][ T5142]  kernel_clone+0x226/0x8f0
[  552.778280][ T5142]  __se_sys_clone3+0x2cb/0x350
[  552.783072][ T5142]  do_syscall_64+0xf3/0x230
[  552.787580][ T5142]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  552.793572][ T5142] 
[  552.795907][ T5142] Memory state around the buggy address:
[  552.801542][ T5142]  ffff888041f5ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  552.809608][ T5142]  ffff888041f60000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  552.817684][ T5142] >ffff888041f60080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  552.825746][ T5142]                                      ^
[  552.831375][ T5142]  ffff888041f60100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  552.839440][ T5142]  ffff888041f60180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  552.847500][ T5142] ==================================================================
[  553.004090][ T5142] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  553.011351][ T5142] CPU: 1 UID: 0 PID: 5142 Comm: kworker/1:5 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0
[  553.021641][ T5142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  553.031826][ T5142] Workqueue: bcachefs_write_ref bch2_do_discards_work
[  553.038649][ T5142] Call Trace:
[  553.041961][ T5142]  <TASK>
[  553.044929][ T5142]  dump_stack_lvl+0x241/0x360
[  553.049665][ T5142]  ? __pfx_dump_stack_lvl+0x10/0x10
[  553.054911][ T5142]  ? __pfx__printk+0x10/0x10
[  553.059553][ T5142]  ? preempt_schedule+0xe1/0xf0
[  553.064450][ T5142]  ? vscnprintf+0x5d/0x90
[  553.068824][ T5142]  panic+0x349/0x870
[  553.072764][ T5142]  ? check_panic_on_warn+0x21/0xb0
[  553.077920][ T5142]  ? __pfx_panic+0x10/0x10
[  553.082383][ T5142]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  553.088405][ T5142]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  553.094779][ T5142]  ? print_report+0x502/0x550
[  553.099502][ T5142]  check_panic_on_warn+0x86/0xb0
[  553.104483][ T5142]  ? percpu_ref_put+0xda/0x250
[  553.109268][ T5142]  end_report+0x77/0x160
[  553.113524][ T5142]  kasan_report+0x154/0x180
[  553.118073][ T5142]  ? kfree+0x4e/0x360
[  553.122075][ T5142]  ? percpu_ref_put+0xda/0x250
[  553.126858][ T5142]  ? percpu_ref_put+0x1f/0x250
[  553.131639][ T5142]  percpu_ref_put+0xda/0x250
[  553.136241][ T5142]  bch2_do_discards_work+0x286a/0x2d10
[  553.141709][ T5142]  ? __pfx_validate_chain+0x10/0x10
[  553.146933][ T5142]  ? mark_lock+0x9a/0x360
[  553.151275][ T5142]  ? bch2_do_discards_work+0x2ce/0x2d10
[  553.156873][ T5142]  ? __pfx_bch2_do_discards_work+0x10/0x10
[  553.162690][ T5142]  ? mark_lock+0x9a/0x360
[  553.167030][ T5142]  ? debug_object_deactivate+0x2d5/0x390
[  553.172689][ T5142]  ? __lock_acquire+0x1359/0x2000
[  553.177746][ T5142]  ? __pfx_lock_acquire+0x10/0x10
[  553.182784][ T5142]  ? bch2_do_discards_work+0x2ce/0x2d10
[  553.188341][ T5142]  ? process_scheduled_works+0x945/0x1830
[  553.194077][ T5142]  process_scheduled_works+0xa2c/0x1830
[  553.199739][ T5142]  ? __pfx_process_scheduled_works+0x10/0x10
[  553.205752][ T5142]  ? assign_work+0x364/0x3d0
[  553.210465][ T5142]  worker_thread+0x86d/0xd40
[  553.215131][ T5142]  ? __kthread_parkme+0x169/0x1d0
[  553.220197][ T5142]  ? __pfx_worker_thread+0x10/0x10
[  553.225329][ T5142]  kthread+0x2f0/0x390
[  553.229418][ T5142]  ? __pfx_worker_thread+0x10/0x10
[  553.234550][ T5142]  ? __pfx_kthread+0x10/0x10
[  553.239159][ T5142]  ret_from_fork+0x4b/0x80
[  553.243592][ T5142]  ? __pfx_kthread+0x10/0x10
[  553.248197][ T5142]  ret_from_fork_asm+0x1a/0x30
[  553.252988][ T5142]  </TASK>
[  553.256333][ T5142] Kernel Offset: disabled
[  553.260841][ T5142] Rebooting in 86400 seconds..